1
2 /* Test flawfinder. This program won't compile or run; that's not necessary
3 for this to be a useful test. */
4
main()5 main() { /* Flawfinder fixture: each call below is a deliberate sample for the scanner to classify; nothing here is meant to execute. */
6 char d[20]; /* destination buffer, fixed at 20 bytes and never initialised */
7 char s[20]; /* source buffer of the same size, also never initialised */
8 int n;
9
10 _mbscpy(d,s); /* like strcpy, this doesn't check for buffer overflow */
11 memcpy(d,s); /* length argument is missing here; the real memcpy takes a byte count, which must not exceed sizeof(d) */
12 CopyMemory(d,s); /* Win32 counterpart of memcpy, likewise written without its length argument */
13 lstrcat(d,s); /* Win32 strcat analogue: appends with no knowledge of the destination size */
14 strncpy(d,s); /* count argument is missing here; even with one, strncpy leaves d unterminated when s fills the whole count */
15 _tcsncpy(d,s); /* TCHAR-generic strncpy: same termination caveat, and its count is in characters, not bytes */
16 strncat(d,s,10); /* constant bound: safe only if d already has room for 10 more chars plus the terminating NUL */
17 strncat(d,s,sizeof(d)); /* Misuse - this should be flagged as riskier. The third argument is the maximum number of chars to append, not the size of d; a correct bound is sizeof(d) - strlen(d) - 1. */
18 _tcsncat(d,s,sizeof(d)); /* Misuse - flag as riskier. Same mistake as the strncat call above; in a wide-character build sizeof would also count bytes rather than characters. */
19 n = strlen(d); /* scans to the first NUL, so an unterminated d is read past its end; the size_t result is narrowed to int */
20 /* This is wrong, and should be flagged as risky: the last parameter is a count of wide characters, but sizeof yields bytes, so the API is told the buffer is larger than it is. szName and wszUserName are not declared in this listing. */
21 MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName));
22 /* This is much better: dividing by the element size gives the capacity in wide characters. */
23 MultiByteToWideChar(CP_ACP,0,szName,-1,wszUserName,sizeof(wszUserName)/sizeof(wszUserName[0]));
24 }
25
26
27