|
|
|
// CVE: CVE-2018-6836
|
|
// This is a simplified code example based on CVE-2018-11360.
|
|
|
|
void *malloc(unsigned long);
|
|
void free(void *);
|
|
|
|
void f(int size)
|
|
{
|
|
char *ia5_string = malloc(size); // Hint: Off by one
|
|
for (int i = 0; i <= size; i++)
|
|
ia5_string[i]=0; // BUG
|
|
free(ia5_string);
|
|
}
|
|
|