27 lines
750 B
C
27 lines
750 B
C
|
|
||
|
/* Test flawfinder. This program won't compile or run; that's not necessary
|
||
|
for this to be a useful test. */
|
||
|
|
||
|
main() {
|
||
|
char d[20];
|
||
|
char s[20];
|
||
|
int n;
|
||
|
|
||
|
_mbscpy(d,s); /* like strcpy, this doesn't check for buffer overflow */
|
||
|
memcpy(d,s);
|
||
|
CopyMemory(d,s);
|
||
|
lstrcat(d,s);
|
||
|
strncpy(d,s);
|
||
|
_tcsncpy(d,s);
|
||
|
strncat(d,s,10);
|
||
|
strncat(d,s,sizeof(d)); /* Misuse - this should be flagged as riskier. */
|
||
|
_tcsncat(d,s,sizeof(d)); /* Misuse - flag as riskier */
|
||
|
n = strlen(d);
|
||
|
/* This is wrong, and should be flagged as risky: */
|
||
|
MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName));
|
||
|
/* This is much better: */
|
||
|
MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName)/sizeof(wszUserName[0]));
|
||
|
}
|
||
|
|
||
|
|