<!doctype html>
<html>
<head>
<title>C:\Users\Alexander Riccio\SARD_BAD_scratch\SARD.testsuite-100.2015-12-02-23-22-45\testcases\000\149\055\ahdec1-bad.c</title>
<style type="text/css">
body { color:#000000; background-color:#ffffff }
body { font-family:Helvetica, sans-serif; font-size:10pt }
h1 { font-size:14pt }
.code { border-collapse:collapse; width:100%; }
.code { font-family: "Monospace", monospace; font-size:10pt }
.code { line-height: 1.2em }
.comment { color: green; font-style: oblique }
.keyword { color: blue }
.string_literal { color: red }
.directive { color: darkmagenta }
.expansion { display: none; }
.macro:hover .expansion { display: block; border: 2px solid #FF0000; padding: 2px; background-color:#FFF0F0; font-weight: normal; -webkit-border-radius:5px; -webkit-box-shadow:1px 1px 7px #000; position: absolute; top: -1em; left:10em; z-index: 1 }
.macro { color: darkmagenta; background-color:LemonChiffon; position: relative }
.num { width:2.5em; padding-right:2ex; background-color:#eeeeee }
.num { text-align:right; font-size:8pt }
.num { color:#444444 }
.line { padding-left: 1ex; border-left: 3px solid #ccc }
.line { white-space: pre }
.msg { -webkit-box-shadow:1px 1px 7px #000 }
.msg { -webkit-border-radius:5px }
.msg { font-family:Helvetica, sans-serif; font-size:8pt }
.msg { float:left }
.msg { padding:0.25em 1ex 0.25em 1ex }
.msg { margin-top:10px; margin-bottom:10px }
.msg { font-weight:bold }
.msg { max-width:60em; word-wrap: break-word; white-space: pre-wrap }
.msgT { padding:0x; spacing:0x }
.msgEvent { background-color:#fff8b4; color:#000000 }
.msgControl { background-color:#bbbbbb; color:#000000 }
.mrange { background-color:#dfddf3 }
.mrange { border-bottom:1px solid #6F9DBE }
.PathIndex { font-weight: bold; padding:0px 5px; margin-right:5px; }
.PathIndex { -webkit-border-radius:8px }
.PathIndexEvent { background-color:#bfba87 }
.PathIndexControl { background-color:#8c8c8c }
.PathNav a { text-decoration:none; font-size: larger }
.CodeInsertionHint { font-weight: bold; background-color: #10dd10 }
.CodeRemovalHint { background-color:#de1010 }
.CodeRemovalHint { border-bottom:1px solid #6F9DBE }
table.simpletable {
padding: 5px;
font-size:12pt;
margin:20px;
border-collapse: collapse; border-spacing: 0px;
}
td.rowname {
text-align:right; font-weight:bold; color:#444444;
padding-right:2ex; }
</style>
</head>
<body>
<!-- BUGDESC Access out-of-bound array element (buffer overflow) -->
<!-- BUGTYPE Out-of-bound array access -->
<!-- BUGCATEGORY Logic error -->
<!-- BUGFILE C:\Users\Alexander Riccio\SARD_BAD_scratch\SARD.testsuite-100.2015-12-02-23-22-45\testcases\000\149\055\ahdec1-bad.c -->
<!-- FILENAME ahdec1-bad.c -->
<!-- FUNCTIONNAME test -->
<!-- ISSUEHASHCONTENTOFLINEINCONTEXT acf2e1944a866ee24cf90ab3c1764ab1 -->
<!-- BUGLINE 61 -->
<!-- BUGCOLUMN 40 -->
<!-- BUGPATHLENGTH 66 -->
<!-- BUGMETAEND -->
<!-- REPORTHEADER -->
<h3>Bug Summary</h3>
<table class="simpletable">
<tr><td class="rowname">File:</td><td>C:\Users\Alexander Riccio\SARD_BAD_scratch\SARD.testsuite-100.2015-12-02-23-22-45\testcases\000\149\055\ahdec1-bad.c</td></tr>
<tr><td class="rowname">Location:</td><td><a href="#EndPath">line 61, column 40</a></td></tr>
<tr><td class="rowname">Description:</td><td>Access out-of-bound array element (buffer overflow)</td></tr>
</table>
<!-- REPORTSUMMARYEXTRA -->
<h3>Annotated Source Code</h3>
<table class="code">
<tr><td class="num" id="LN1">1</td><td class="line"><span class='comment'>/*</span></td></tr>
<tr><td class="num" id="LN2">2</td><td class="line"><span class='comment'>Description: A string decode function misses a termination check which allows the decode to proceed past the end of the buffer.</span></td></tr>
<tr><td class="num" id="LN3">3</td><td class="line"><span class='comment'>Keywords: Port C Size0 Complex1 BufferOverflow Stack AdHocDecode NoNul</span></td></tr>
<tr><td class="num" id="LN4">4</td><td class="line"><span class='comment'>ValidArg: "a" * 31</span></td></tr>
<tr><td class="num" id="LN5">5</td><td class="line"><span class='comment'>ValidArg: "a" * 100</span></td></tr>
<tr><td class="num" id="LN6">6</td><td class="line"><span class='comment'>InvalidArg: ("a" * 30) + "%"</span></td></tr>
<tr><td class="num" id="LN7">7</td><td class="line"> </td></tr>
<tr><td class="num" id="LN8">8</td><td class="line"><span class='comment'>Copyright 2005 Fortify Software.</span></td></tr>
<tr><td class="num" id="LN9">9</td><td class="line"> </td></tr>
<tr><td class="num" id="LN10">10</td><td class="line"><span class='comment'>Permission is hereby granted, without written agreement or royalty fee, to</span></td></tr>
<tr><td class="num" id="LN11">11</td><td class="line"><span class='comment'>use, copy, modify, and distribute this software and its documentation for</span></td></tr>
<tr><td class="num" id="LN12">12</td><td class="line"><span class='comment'>any purpose, provided that the above copyright notice and the following</span></td></tr>
<tr><td class="num" id="LN13">13</td><td class="line"><span class='comment'>three paragraphs appear in all copies of this software.</span></td></tr>
<tr><td class="num" id="LN14">14</td><td class="line"> </td></tr>
<tr><td class="num" id="LN15">15</td><td class="line"><span class='comment'>IN NO EVENT SHALL FORTIFY SOFTWARE BE LIABLE TO ANY PARTY FOR DIRECT,</span></td></tr>
<tr><td class="num" id="LN16">16</td><td class="line"><span class='comment'>INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE</span></td></tr>
<tr><td class="num" id="LN17">17</td><td class="line"><span class='comment'>USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF FORTIFY SOFTWARE HAS</span></td></tr>
<tr><td class="num" id="LN18">18</td><td class="line"><span class='comment'>BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMANGE.</span></td></tr>
<tr><td class="num" id="LN19">19</td><td class="line"> </td></tr>
<tr><td class="num" id="LN20">20</td><td class="line"><span class='comment'>FORTIFY SOFTWARE SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT</span></td></tr>
<tr><td class="num" id="LN21">21</td><td class="line"><span class='comment'>LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A</span></td></tr>
<tr><td class="num" id="LN22">22</td><td class="line"><span class='comment'>PARTICULAR PURPOSE, AND NON-INFRINGEMENT.</span></td></tr>
<tr><td class="num" id="LN23">23</td><td class="line"> </td></tr>
<tr><td class="num" id="LN24">24</td><td class="line"><span class='comment'>THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND FORTIFY SOFTWARE HAS NO</span></td></tr>
<tr><td class="num" id="LN25">25</td><td class="line"><span class='comment'>OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR</span></td></tr>
<tr><td class="num" id="LN26">26</td><td class="line"><span class='comment'>MODIFICATIONS.</span></td></tr>
<tr><td class="num" id="LN27">27</td><td class="line"><span class='comment'>*/</span></td></tr>
<tr><td class="num" id="LN28">28</td><td class="line"> </td></tr>
<tr><td class="num" id="LN29">29</td><td class="line"><span class='directive'>#include &lt;stdio.h&gt;</span></td></tr>
<tr><td class="num" id="LN30">30</td><td class="line"><span class='directive'>#include &lt;string.h&gt;</span></td></tr>
<tr><td class="num" id="LN31">31</td><td class="line"> </td></tr>
<tr><td class="num" id="LN32">32</td><td class="line"><span class='directive'>#define <span class='macro'>MAXSIZE<span class='expansion'>32</span></span> 32</span></td></tr>
<tr><td class="num" id="LN33">33</td><td class="line"> </td></tr>
<!--
  hexchar(ch): converts one hexadecimal digit character to its numeric value.
    '0'..'9' returns 0..9; 'a'..'f' and 'A'..'F' return 10..15.
    Any other character, including the terminating NUL, returns 0.
  NOTE(review): the fallback return of 0 is indistinguishable from a valid '0'
  digit, so hexchar cannot report invalid input or end of string to its caller.
  A caller that must reject malformed escapes has to check the character itself
  (for example with isxdigit) before calling. The caller is presumably the decode
  loop in test(), whose body past source line 59 is not shown in this part of the
  report; confirm against the full listing.
-->
<tr><td class="num" id="LN34">34</td><td class="line"><span class='keyword'>int</span></td></tr>
<tr><td class="num" id="LN35">35</td><td class="line">hexchar(<span class='keyword'>char</span> ch)</td></tr>
<tr><td class="num" id="LN36">36</td><td class="line">{</td></tr>
<tr><td class="num" id="LN37">37</td><td class="line"> <span class='keyword'>if</span>(ch >= '0' && ch <= '9')</td></tr>
<tr><td class="num" id="LN38">38</td><td class="line"> <span class='keyword'>return</span> ch - '0';</td></tr>
<tr><td class="num" id="LN39">39</td><td class="line"> <span class='keyword'>if</span>(ch >= 'a' && ch <= 'f')</td></tr>
<tr><td class="num" id="LN40">40</td><td class="line"> <span class='keyword'>return</span> ch - 'a' + 10;</td></tr>
<tr><td class="num" id="LN41">41</td><td class="line"> <span class='keyword'>if</span>(ch >= 'A' && ch <= 'F')</td></tr>
<tr><td class="num" id="LN42">42</td><td class="line"> <span class='keyword'>return</span> ch - 'A' + 10;</td></tr>
<tr><td class="num" id="LN43">43</td><td class="line"> <span class='keyword'>return</span> 0;</td></tr>
<tr><td class="num" id="LN44">44</td><td class="line">}</td></tr>
<tr><td class="num" id="LN45">45</td><td class="line"> </td></tr>
<tr><td class="num" id="LN46">46</td><td class="line"><span class='keyword'>void</span></td></tr>
<tr><td class="num" id="LN47">47</td><td class="line">test(<span class='keyword'>char</span> *str)</td></tr>
<tr><td class="num" id="LN48">48</td><td class="line">{</td></tr>
<tr><td class="num" id="LN49">49</td><td class="line"> <span class='keyword'>char</span> buf[<span class='macro'>MAXSIZE<span class='expansion'>32</span></span>];</td></tr>
<tr><td class="num" id="LN50">50</td><td class="line"> <span class='keyword'>char</span> *p, *q;</td></tr>
<tr><td class="num" id="LN51">51</td><td class="line"> </td></tr>
<tr><td class="num" id="LN52">52</td><td class="line"> <span class='comment'>/* we're decoding in place, we need a writable string */</span></td></tr>
<tr><td class="num" id="LN53">53</td><td class="line"> strncpy(buf, str, <span class='macro'>MAXSIZE<span class='expansion'>32</span></span>);</td></tr>
<tr><td class="num" id="LN54">54</td><td class="line"> buf[<span class='macro'>MAXSIZE<span class='expansion'>32</span></span>-1] = '\0';</td></tr>
<tr><td class="num" id="LN55">55</td><td class="line"> </td></tr>
<tr><td class="num" id="LN56">56</td><td class="line"> p = buf;</td></tr>
<tr><td class="num" id="LN57">57</td><td class="line"> q = p;</td></tr>
<tr><td class="num" id="LN58">58</td><td class="line"> <span class='keyword'>while</span>(*p) {</td></tr>
<tr><td class="num"></td><td class="line"><div id="Path4" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">4</div></td><td><div class="PathNav"><a href="#Path3" title="Previous event (3)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path5" title="Next event (5)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path6" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">6</div></td><td><div class="PathNav"><a href="#Path5" title="Previous event (5)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path7" title="Next event (7)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path8" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">8</div></td><td><div class="PathNav"><a href="#Path7" title="Previous event (7)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path9" title="Next event (9)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path10" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">10</div></td><td><div class="PathNav"><a href="#Path9" title="Previous event (9)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path11" title="Next event (11)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path12" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">12</div></td><td><div class="PathNav"><a href="#Path11" title="Previous event (11)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path13" title="Next event (13)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path14" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">14</div></td><td><div class="PathNav"><a href="#Path13" title="Previous event (13)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path15" title="Next event (15)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path16" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">16</div></td><td><div class="PathNav"><a href="#Path15" title="Previous event (15)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path17" title="Next event (17)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path18" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">18</div></td><td><div class="PathNav"><a href="#Path17" title="Previous event (17)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path19" title="Next event (19)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path20" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">20</div></td><td><div class="PathNav"><a href="#Path19" title="Previous event (19)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path21" title="Next event (21)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path22" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">22</div></td><td><div class="PathNav"><a href="#Path21" title="Previous event (21)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path23" title="Next event (23)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path24" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">24</div></td><td><div class="PathNav"><a href="#Path23" title="Previous event (23)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path25" title="Next event (25)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path26" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">26</div></td><td><div class="PathNav"><a href="#Path25" title="Previous event (25)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path27" title="Next event (27)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path28" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">28</div></td><td><div class="PathNav"><a href="#Path27" title="Previous event (27)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path29" title="Next event (29)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path30" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">30</div></td><td><div class="PathNav"><a href="#Path29" title="Previous event (29)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path31" title="Next event (31)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path32" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">32</div></td><td><div class="PathNav"><a href="#Path31" title="Previous event (31)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path33" title="Next event (33)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path34" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">34</div></td><td><div class="PathNav"><a href="#Path33" title="Previous event (33)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path35" title="Next event (35)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path36" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">36</div></td><td><div class="PathNav"><a href="#Path35" title="Previous event (35)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path37" title="Next event (37)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path38" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">38</div></td><td><div class="PathNav"><a href="#Path37" title="Previous event (37)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path39" title="Next event (39)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path40" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">40</div></td><td><div class="PathNav"><a href="#Path39" title="Previous event (39)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path41" title="Next event (41)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path42" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">42</div></td><td><div class="PathNav"><a href="#Path41" title="Previous event (41)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path43" title="Next event (43)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path44" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">44</div></td><td><div class="PathNav"><a href="#Path43" title="Previous event (43)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path45" title="Next event (45)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path46" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">46</div></td><td><div class="PathNav"><a href="#Path45" title="Previous event (45)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path47" title="Next event (47)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path48" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">48</div></td><td><div class="PathNav"><a href="#Path47" title="Previous event (47)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path49" title="Next event (49)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path50" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">50</div></td><td><div class="PathNav"><a href="#Path49" title="Previous event (49)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path51" title="Next event (51)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path52" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">52</div></td><td><div class="PathNav"><a href="#Path51" title="Previous event (51)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path53" title="Next event (53)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path54" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">54</div></td><td><div class="PathNav"><a href="#Path53" title="Previous event (53)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path55" title="Next event (55)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path56" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">56</div></td><td><div class="PathNav"><a href="#Path55" title="Previous event (55)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path57" title="Next event (57)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path58" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">58</div></td><td><div class="PathNav"><a href="#Path57" title="Previous event (57)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path59" title="Next event (59)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path60" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">60</div></td><td><div class="PathNav"><a href="#Path59" title="Previous event (59)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path61" title="Next event (61)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path62" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">62</div></td><td><div class="PathNav"><a href="#Path61" title="Previous event (61)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path63" title="Next event (63)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path64" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">64</div></td><td><div class="PathNav"><a href="#Path63" title="Previous event (63)">←</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path65" title="Next event (65)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num" id="LN59">59</td><td class="line"> <span class='keyword'>if</span>(*p == '%') {</td></tr>
<tr><td class="num"></td><td class="line"><div id="Path5" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">5</div></td><td><div class="PathNav"><a href="#Path4" title="Previous event (4)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path6" title="Next event (6)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path7" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">7</div></td><td><div class="PathNav"><a href="#Path6" title="Previous event (6)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path8" title="Next event (8)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path9" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">9</div></td><td><div class="PathNav"><a href="#Path8" title="Previous event (8)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path10" title="Next event (10)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path11" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">11</div></td><td><div class="PathNav"><a href="#Path10" title="Previous event (10)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path12" title="Next event (12)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path13" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">13</div></td><td><div class="PathNav"><a href="#Path12" title="Previous event (12)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path14" title="Next event (14)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path15" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">15</div></td><td><div class="PathNav"><a href="#Path14" title="Previous event (14)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path16" title="Next event (16)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path17" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">17</div></td><td><div class="PathNav"><a href="#Path16" title="Previous event (16)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path18" title="Next event (18)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path19" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">19</div></td><td><div class="PathNav"><a href="#Path18" title="Previous event (18)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path20" title="Next event (20)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path21" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">21</div></td><td><div class="PathNav"><a href="#Path20" title="Previous event (20)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path22" title="Next event (22)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path23" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">23</div></td><td><div class="PathNav"><a href="#Path22" title="Previous event (22)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path24" title="Next event (24)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path25" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">25</div></td><td><div class="PathNav"><a href="#Path24" title="Previous event (24)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path26" title="Next event (26)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path27" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">27</div></td><td><div class="PathNav"><a href="#Path26" title="Previous event (26)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path28" title="Next event (28)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path29" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">29</div></td><td><div class="PathNav"><a href="#Path28" title="Previous event (28)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path30" title="Next event (30)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path31" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">31</div></td><td><div class="PathNav"><a href="#Path30" title="Previous event (30)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path32" title="Next event (32)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path33" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">33</div></td><td><div class="PathNav"><a href="#Path32" title="Previous event (32)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path34" title="Next event (34)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path35" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">35</div></td><td><div class="PathNav"><a href="#Path34" title="Previous event (34)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path36" title="Next event (36)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path37" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">37</div></td><td><div class="PathNav"><a href="#Path36" title="Previous event (36)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path38" title="Next event (38)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path39" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">39</div></td><td><div class="PathNav"><a href="#Path38" title="Previous event (38)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path40" title="Next event (40)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path41" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">41</div></td><td><div class="PathNav"><a href="#Path40" title="Previous event (40)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path42" title="Next event (42)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path43" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">43</div></td><td><div class="PathNav"><a href="#Path42" title="Previous event (42)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path44" title="Next event (44)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path45" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">45</div></td><td><div class="PathNav"><a href="#Path44" title="Previous event (44)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path46" title="Next event (46)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path47" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">47</div></td><td><div class="PathNav"><a href="#Path46" title="Previous event (46)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path48" title="Next event (48)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path49" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">49</div></td><td><div class="PathNav"><a href="#Path48" title="Previous event (48)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path50" title="Next event (50)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path51" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">51</div></td><td><div class="PathNav"><a href="#Path50" title="Previous event (50)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path52" title="Next event (52)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path53" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">53</div></td><td><div class="PathNav"><a href="#Path52" title="Previous event (52)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path54" title="Next event (54)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path55" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">55</div></td><td><div class="PathNav"><a href="#Path54" title="Previous event (54)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path56" title="Next event (56)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path57" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">57</div></td><td><div class="PathNav"><a href="#Path56" title="Previous event (56)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path58" title="Next event (58)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path59" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">59</div></td><td><div class="PathNav"><a href="#Path58" title="Previous event (58)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path60" title="Next event (60)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path61" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">61</div></td><td><div class="PathNav"><a href="#Path60" title="Previous event (60)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path62" title="Next event (62)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path63" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">63</div></td><td><div class="PathNav"><a href="#Path62" title="Previous event (62)">←</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path64" title="Next event (64)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path65" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">65</div></td><td><div class="PathNav"><a href="#Path64" title="Previous event (64)">←</a></div></td></td><td>Taking true branch</td><td><div class="PathNav"><a href="#EndPath" title="Next event (66)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num" id="LN60">60</td><td class="line"> <span class='comment'>/* p[2] may be past the end of the string */</span></td></tr>
<tr><td class="num" id="LN61">61</td><td class="line"> *q++ = (hexchar(p[1])<<4) | hexchar(<span class="mrange">p[2]</span>); <span class='comment'>/* FLAW */</span></td></tr>
<tr><td class="num"></td><td class="line"><div id="EndPath" class="msg msgEvent" style="margin-left:61ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexEvent">66</div></td><td><div class="PathNav"><a href="#Path65" title="Previous event (65)">←</a></div></td></td><td>Access out-of-bound array element (buffer overflow)</td></tr></table></div></td></tr>
<tr><td class="num" id="LN62">62</td><td class="line"> p += 2;</td></tr>
<tr><td class="num" id="LN63">63</td><td class="line"> } <span class='keyword'>else</span></td></tr>
<tr><td class="num" id="LN64">64</td><td class="line"> *q++ = *p++; <span class='comment'>/* FLAW */</span></td></tr>
<tr><td class="num" id="LN65">65</td><td class="line"> }</td></tr>
<tr><td class="num" id="LN66">66</td><td class="line">}</td></tr>
<tr><td class="num" id="LN67">67</td><td class="line"> </td></tr>
<!-- Source lines 68 to 78 of the analyzed file: main(), where the reported path starts.
     Rows whose line-number cell is empty are analyzer path notes, not source lines. -->
<tr><td class="num" id="LN68">68</td><td class="line"><span class='keyword'>int</span></td></tr>
<tr><td class="num" id="LN69">69</td><td class="line">main(<span class='keyword'>int</span> argc, <span class='keyword'>char</span> **argv)</td></tr>
<tr><td class="num" id="LN70">70</td><td class="line">{</td></tr>
<tr><td class="num" id="LN71">71</td><td class="line"> <span class='keyword'>char</span> *userstr;</td></tr>
<tr><td class="num" id="LN72">72</td><td class="line"> </td></tr>
<!-- Path events 1 and 2: the analyzer assumes argc is greater than 1 and follows the true
     branch, so argv[1] is present on this path. -->
<tr><td class="num" id="LN73">73</td><td class="line"> <span class='keyword'>if</span>(<span class="mrange">argc > 1</span>) {</td></tr>
<tr><td class="num"></td><td class="line"><div id="Path1" class="msg msgEvent" style="margin-left:12ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexEvent">1</div></td><td>Assuming 'argc' is > 1</td><td><div class="PathNav"><a href="#Path2" title="Next event (2)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num"></td><td class="line"><div id="Path2" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">2</div></td><td><div class="PathNav"><a href="#Path1" title="Previous event (1)">←</a></div></td></td><td>Taking true branch</td><td><div class="PathNav"><a href="#Path3" title="Next event (3)">→</a></div></td></tr></table></div></td></tr>
<!-- argv[1] is a command-line argument, so its length and content are chosen by whoever
     starts the program. main() passes it to test() with no length or format check. -->
<tr><td class="num" id="LN74">74</td><td class="line"> userstr = argv[1];</td></tr>
<tr><td class="num" id="LN75">75</td><td class="line"> <span class="mrange">test(userstr)</span>;</td></tr>
<!-- Path event 3 enters test(). The path ends at event 66 on source line 61, where p[1] and
     p[2] are read and the result is stored through q; the analyzer flags the p[2] access
     as out of bounds.
     NOTE(review): the fix presumably belongs in test(), which would need to confirm both
     bytes exist before decoding them and to bound the writes through q. Confirm against
     the part of test() above this excerpt. -->
<tr><td class="num"></td><td class="line"><div id="Path3" class="msg msgEvent" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexEvent">3</div></td><td><div class="PathNav"><a href="#Path2" title="Previous event (2)">←</a></div></td></td><td>Calling 'test'</td><td><div class="PathNav"><a href="#Path4" title="Next event (4)">→</a></div></td></tr></table></div></td></tr>
<tr><td class="num" id="LN76">76</td><td class="line"> }</td></tr>
<!-- main() returns 0 whether or not an argument was supplied. -->
<tr><td class="num" id="LN77">77</td><td class="line"> <span class='keyword'>return</span> 0;</td></tr>
<tr><td class="num" id="LN78">78</td><td class="line">}</td></tr>
<tr><td class="num" id="LN79">79</td><td class="line"> </td></tr>
</table></body></html>