/* goodG2B2() - use goodsource and badsink by reversing the blocks in the if statement */
static void goodG2B2()
{
wchar_t * data;
wchar_t dataBadBuffer[50];
wchar_t dataGoodBuffer[100];
if(1)
{
/* FIX: Set a pointer to a "large" buffer, thus avoiding buffer overflows in the sinks. */
data = dataGoodBuffer;
data[0] = L'\0'; /* null terminate */
}
{
wchar_t source[100];
wmemset(source, L'C', 100-1); /* fill with L'C's */
source[100-1] = L'\0'; /* null terminate */
/* POTENTIAL FLAW: Possible buffer overflow if the size of data is less than the length of source */
wcsncpy(data, source, 100-1);
data[100-1] = L'\0'; /* Ensure the destination buffer is null terminated */
printWLine(data);
}
}
void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_08_bad()
{
wchar_t * data;
wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t));
wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t));
if(staticReturnsTrue())
{
/* FLAW: Set a pointer to a "small" buffer. This buffer will be used in the sinks as a destination
* buffer in various memory copying functions using a "large" source buffer. */
data = dataBadBuffer;
data[0] = L'\0'; /* null terminate */
}
{
wchar_t source[100];
wmemset(source, L'C', 100-1); /* fill with L'C's */
source[100-1] = L'\0'; /* null terminate */
/* POTENTIAL FLAW: Possible buffer overflow if the sizeof(data)-strlen(data) is less than the length of source */
wcsncat(data, source, 100);
printWLine(data);
}
}
void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_10_bad()
{
wchar_t * data;
wchar_t dataBadBuffer[50];
wchar_t dataGoodBuffer[100];
if(globalTrue)
{
/* FLAW: Set a pointer to a "small" buffer. This buffer will be used in the sinks as a destination
* buffer in various memory copying functions using a "large" source buffer. */
data = dataBadBuffer;
data[0] = L'\0'; /* null terminate */
}
{
wchar_t source[100];
wmemset(source, L'C', 100-1); /* fill with L'C's */
source[100-1] = L'\0'; /* null terminate */
/* POTENTIAL FLAW: Possible buffer overflow if the size of data is less than the length of source */
SNPRINTF(data, 100, L"%s", source);
printWLine(data);
}
}
/* goodG2B() uses the GoodSource with the BadSink */
static void goodG2B()
{
wchar_t * data;
wchar_t dataBadBuffer[50];
wchar_t dataGoodBuffer[100];
/* FIX: Set a pointer to a "large" buffer, thus avoiding buffer overflows in the sinks. */
data = dataGoodBuffer;
data[0] = L'\0'; /* null terminate */
{
wchar_t * dataCopy = data;
wchar_t * data = dataCopy;
{
wchar_t source[100];
wmemset(source, L'C', 100-1); /* fill with L'C's */
source[100-1] = L'\0'; /* null terminate */
/* POTENTIAL FLAW: Possible buffer overflow if the sizeof(data)-strlen(data) is less than the length of source */
wcscat(data, source);
printWLine(data);
}
}
}
/* goodG2B2() - use goodsource and badsink by reversing the blocks in the if statement */
static void goodG2B2()
{
wchar_t * data;
data = NULL;
if(5==5)
{
/* FIX: Allocate using new[] and point data to a large buffer that is at least as large as the large buffer used in the sink */
data = new wchar_t[100];
data[0] = L'\0'; /* null terminate */
}
{
wchar_t source[100];
wmemset(source, L'C', 100-1); /* fill with L'C's */
source[100-1] = L'\0'; /* null terminate */
/* POTENTIAL FLAW: Possible buffer overflow if source is larger than data */
memmove(data, source, 100*sizeof(wchar_t));
data[100-1] = L'\0'; /* Ensure the destination buffer is null terminated */
printWLine(data);
delete [] data;
}
}
//在Win32平台下,将GBK编码转换为UTF-8
string MyUtility::gbk_2_utf8(const string text)
{
#if (CC_TARGET_PLATFORM == CC_PLATFORM_WIN32)
//采用Lambda表达式,将string转换成wstring
wstring tes = [=]() {
setlocale(LC_ALL, "chs");
const char* _Source = text.c_str();
size_t _Dsize = text.size() + 1;
wchar_t *_Dest = new wchar_t[_Dsize];
wmemset(_Dest, 0, _Dsize);
mbstowcs(_Dest,_Source,_Dsize);
std::wstring result = _Dest;
delete []_Dest;
setlocale(LC_ALL, "C");
return result;
}();
int asciSize = WideCharToMultiByte(CP_UTF8,0,tes.c_str(),tes.size(),NULL,0,NULL,NULL);
if (asciSize == ERROR_NO_UNICODE_TRANSLATION || asciSize == 0)
{
return string();
}
char *resultString = new char[asciSize];
int conveResult = WideCharToMultiByte(CP_UTF8,0,tes.c_str(),tes.size(),resultString,asciSize,NULL,NULL);
if (conveResult != asciSize)
{
return string();
}
string buffer = "";
buffer.append(resultString,asciSize);
delete[] resultString;
return buffer;
#else
return text;
#endif
}
void bad()
{
wchar_t * data;
wchar_t * &dataRef = data;
wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t));
wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t));
/* FLAW: Set a pointer to a "small" buffer. This buffer will be used in the sinks as a destination
* buffer in various memory copying functions using a "large" source buffer. */
data = dataBadBuffer;
data[0] = L'\0'; /* null terminate */
{
wchar_t * data = dataRef;
{
wchar_t source[100];
wmemset(source, L'C', 100-1); /* fill with L'C's */
source[100-1] = L'\0'; /* null terminate */
/* POTENTIAL FLAW: Possible buffer overflow if the size of data is less than the length of source */
wcscpy(data, source);
printWLine(data);
}
}
}
void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_17_bad()
{
int i;
wchar_t * data;
wchar_t dataBadBuffer[50];
wchar_t dataGoodBuffer[100];
for(i = 0; i < 1; i++)
{
/* FLAW: Set a pointer to a "small" buffer. This buffer will be used in the sinks as a destination
* buffer in various memory copying functions using a "large" source buffer. */
data = dataBadBuffer;
data[0] = L'\0'; /* null terminate */
}
{
wchar_t source[100];
wmemset(source, L'C', 100-1); /* fill with L'C's */
source[100-1] = L'\0'; /* null terminate */
/* POTENTIAL FLAW: Possible buffer overflow if the size of data is less than the length of source */
wcscpy(data, source);
printWLine(data);
}
}
/* goodG2B() uses the GoodSource with the BadSink */
static void goodG2B()
{
wchar_t * data;
CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_34_unionType myUnion;
data = NULL;
/* FIX: Allocate and point data to a large buffer that is at least as large as the large buffer used in the sink */
data = (wchar_t *)malloc(100*sizeof(wchar_t));
data[0] = L'\0'; /* null terminate */
myUnion.unionFirst = data;
{
wchar_t * data = myUnion.unionSecond;
{
wchar_t source[100];
wmemset(source, L'C', 100-1); /* fill with L'C's */
source[100-1] = L'\0'; /* null terminate */
/* POTENTIAL FLAW: Possible buffer overflow if source is larger than sizeof(data)-strlen(data) */
wcsncat(data, source, 100);
printWLine(data);
free(data);
}
}
}
char* CpeepmBrowser::GetCookie()
{
const char* http = "http://";
UINT len = strlen(http) + strlen(Server);
char* buffer = new char[len + 1];
ZeroMemory(buffer, len + 1);
strcat(buffer, http);
strcat(buffer, Server);
wchar_t* host = CpeepmUtil::CharToWideChar(buffer, len);
ReleaseArray(buffer);
if (host == NULL)
return NULL;
wchar_t tmp[1] = {0};
DWORD size = 0;
InternetGetCookie(host, NULL, tmp, &size);
if (size == 0)
{
ReleaseArray(host);
return NULL;
}
wchar_t* cookie = new wchar_t[size / 2 + 1];
wmemset(cookie, 0, size / 2 + 1);
InternetGetCookie(host, NULL, cookie, &size);
ReleaseArray(host);
len = wcslen(cookie);
if (len > 0)
{
char* c = CpeepmUtil::WideCharToChar(cookie, len);
ReleaseArray(cookie);
return c;
}
else
{
ReleaseArray(cookie);
return NULL;
}
}
StringSearch_c::StringSearch_c ( const wchar_t * szPattern, bool bMatchCase, bool bWholeWord )
: m_iPatLen ( wcslen ( szPattern ) )
, m_iMin ( szPattern [0] )
, m_pFile ( NULL )
, m_bEndReached ( false )
, m_bMatchCase ( bMatchCase )
, m_bWholeWord ( bWholeWord )
, m_iNextOffset ( 0 )
{
Assert ( ! ( READ_BUFFER_SIZE & 1 ) );
Assert ( m_iPatLen < READ_BUFFER_SIZE );
m_iMax = m_iMin;
const wchar_t * szStart = szPattern;
while ( *szStart )
{
if ( *szStart > m_iMax )
m_iMax = *szStart;
else
if ( *szStart < m_iMin )
m_iMin = *szStart;
++szStart;
}
int iSize = m_iMax - m_iMin + 1;
m_dBadChar = new unsigned short [iSize];
wmemset ( (wchar_t*)m_dBadChar, m_iPatLen + 1, iSize );
m_szPattern = new wchar_t [ wcslen ( szPattern ) + 1 ];
wcscpy ( m_szPattern, szPattern );
if ( ! m_bMatchCase )
for ( int i = 0; i < m_iPatLen; ++i )
m_szPattern [i] = towlower ( m_szPattern [i] );
for ( int i = 0; i < m_iPatLen; ++i )
m_dBadChar [ szPattern [i] - m_iMin ] = m_iPatLen - i;
}
/* goodG2B() uses the GoodSource with the BadSink */
static void goodG2B()
{
wchar_t * data;
wchar_t * &dataRef = data;
wchar_t dataBuffer[100];
data = dataBuffer;
/* FIX: Properly initialize data */
data[0] = L'\0'; /* null terminate */
{
wchar_t * data = dataRef;
{
size_t sourceLen;
wchar_t source[100];
wmemset(source, L'C', 100-1); /* fill with L'C's */
source[100-1] = L'\0'; /* null terminate */
sourceLen = wcslen(source);
/* POTENTIAL FLAW: If data is not initialized properly, wcsncat() may not function correctly */
wcsncat(data, source, sourceLen);
printWLine(data);
}
}
}
void bad()
{
wchar_t * data;
wchar_t * &dataRef = data;
wchar_t dataBuffer[100];
data = dataBuffer;
/* FLAW: Do not initialize data */
; /* empty statement needed for some flow variants */
{
wchar_t * data = dataRef;
{
size_t sourceLen;
wchar_t source[100];
wmemset(source, L'C', 100-1); /* fill with L'C's */
source[100-1] = L'\0'; /* null terminate */
sourceLen = wcslen(source);
/* POTENTIAL FLAW: If data is not initialized properly, wcsncat() may not function correctly */
wcsncat(data, source, sourceLen);
printWLine(data);
}
}
}
std::wstring s2ws( const std::string& s )
{
#ifdef WIN_PLATFORM
setlocale(LC_ALL, "chs");
const char* _Source = s.c_str();
size_t _Dsize = s.size() + 1;
wchar_t *_Dest = new wchar_t[_Dsize];
wmemset(_Dest, 0, _Dsize);
mbstowcs(_Dest,_Source,_Dsize);
std::wstring result = _Dest;
delete []_Dest;
setlocale(LC_ALL, "C");
return result;
#endif
// wstring rt;
// return rt;
std::wstring val = L"";
if ( NULL == s.c_str() )
{
return val;
}
//size_t size_of_ch = strlen(pc)*sizeof(char);
//size_t size_of_wc = get_wchar_size(pc);
size_t size_of_wc;
size_t destlen = mbstowcs(0,s.c_str(),0);
if (destlen ==(size_t)(-1))
{
return val;
}
size_of_wc = destlen+1;
wchar_t *pw = new wchar_t[size_of_wc];
mbstowcs(pw,s.c_str(),size_of_wc);
val = pw;
delete pw;
return val;
}
/* good1() uses if(GLOBAL_CONST_FIVE!=5) instead of if(GLOBAL_CONST_FIVE==5) */
static void good1()
{
if(GLOBAL_CONST_FIVE!=5)
{
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
printLine("Benign, fixed string");
}
else
{
{
wchar_t data[150], dest[100];
/* Initialize data */
wmemset(data, L'A', 149);
data[149] = L'\0';
/* wcsncpy() does not null terminate if the string in the src buffer is larger than
* the number of characters being copied to the dest buffer */
wcsncpy(dest, data, 99);
dest[99] = L'\0'; /* FIX: Explicitly null terminate dest after the use of wcsncpy() */
printWLine(dest);
}
}
}
void bad()
{
wchar_t * data;
wchar_t * &dataRef = data;
data = NULL;
/* FLAW: Allocate and point data to a small buffer that is smaller than the large buffer used in the sinks */
data = (wchar_t *)malloc(50*sizeof(wchar_t));
data[0] = L'\0'; /* null terminate */
{
wchar_t * data = dataRef;
{
wchar_t source[100];
wmemset(source, L'C', 100-1); /* fill with L'C's */
source[100-1] = L'\0'; /* null terminate */
/* POTENTIAL FLAW: Possible buffer overflow if source is larger than data */
memmove(data, source, 100*sizeof(wchar_t));
data[100-1] = L'\0'; /* Ensure the destination buffer is null terminated */
printWLine(data);
free(data);
}
}
}
/* goodG2B() uses the GoodSource with the BadSink */
static void goodG2B()
{
wchar_t * data;
CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_34_unionType myUnion;
wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t));
wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t));
/* FIX: Set a pointer to a "large" buffer, thus avoiding buffer overflows in the sinks. */
data = dataGoodBuffer;
data[0] = L'\0'; /* null terminate */
myUnion.unionFirst = data;
{
wchar_t * data = myUnion.unionSecond;
{
wchar_t source[100];
wmemset(source, L'C', 100-1); /* fill with L'C's */
source[100-1] = L'\0'; /* null terminate */
/* POTENTIAL FLAW: Possible buffer overflow if the size of data is less than the length of source */
wcscpy(data, source);
printWLine(data);
}
}
}
void bad()
{
int i;
wchar_t * data;
data = NULL;
for(i = 0; i < 1; i++)
{
/* FLAW: Allocate using new[] and point data to a small buffer that is smaller than the large buffer used in the sinks */
data = new wchar_t[50];
data[0] = L'\0'; /* null terminate */
}
{
wchar_t source[100];
wmemset(source, L'C', 100-1); /* fill with L'C's */
source[100-1] = L'\0'; /* null terminate */
/* POTENTIAL FLAW: Possible buffer overflow if source is larger than data */
wcsncpy(data, source, 100-1);
data[100-1] = L'\0'; /* Ensure the destination buffer is null terminated */
printWLine(data);
delete [] data;
}
}
/* goodG2B() uses the GoodSource with the BadSink */
static void goodG2B()
{
wchar_t * data;
wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t));
wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t));
/* FIX: Set a pointer to a "large" buffer, thus avoiding buffer overflows in the sinks. */
data = dataGoodBuffer;
data[0] = L'\0'; /* null terminate */
{
wchar_t * dataCopy = data;
wchar_t * data = dataCopy;
{
wchar_t source[100];
wmemset(source, L'C', 100-1); /* fill with L'C's */
source[100-1] = L'\0'; /* null terminate */
/* POTENTIAL FLAW: Possible buffer overflow if the size of data is less than the length of source */
memmove(data, source, 100*sizeof(wchar_t));
data[100-1] = L'\0'; /* Ensure the destination buffer is null terminated */
printWLine(data);
}
}
}
void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memmove_13_bad()
{
wchar_t * data;
wchar_t dataBadBuffer[50];
wchar_t dataGoodBuffer[100];
if(GLOBAL_CONST_FIVE==5)
{
/* FLAW: Set a pointer to a "small" buffer. This buffer will be used in the sinks as a destination
* buffer in various memory copying functions using a "large" source buffer. */
data = dataBadBuffer;
data[0] = L'\0'; /* null terminate */
}
{
wchar_t source[100];
wmemset(source, L'C', 100-1); /* fill with L'C's */
source[100-1] = L'\0'; /* null terminate */
/* POTENTIAL FLAW: Possible buffer overflow if the size of data is less than the length of source */
memmove(data, source, 100*sizeof(wchar_t));
data[100-1] = L'\0'; /* Ensure the destination buffer is null terminated */
printWLine(data);
}
}
/* goodG2B() - use goodsource and badsink by changing the conditions on the for statements */
static void goodG2B()
{
int h;
wchar_t * data;
data = NULL;
for(h = 0; h < 1; h++)
{
/* FIX: Allocate and point data to a large buffer that is at least as large as the large buffer used in the sink */
data = (wchar_t *)malloc(100*sizeof(wchar_t));
data[0] = L'\0'; /* null terminate */
}
{
wchar_t source[100];
wmemset(source, L'C', 100-1); /* fill with L'C's */
source[100-1] = L'\0'; /* null terminate */
/* POTENTIAL FLAW: Possible buffer overflow if source is larger than data */
memcpy(data, source, 100*sizeof(wchar_t));
data[100-1] = L'\0'; /* Ensure the destination buffer is null terminated */
printWLine(data);
free(data);
}
}
void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_17_bad()
{
int i;
wchar_t * data;
data = NULL;
for(i = 0; i < 1; i++)
{
/* FLAW: Allocate and point data to a small buffer that is smaller than the large buffer used in the sinks */
data = (wchar_t *)malloc(50*sizeof(wchar_t));
data[0] = L'\0'; /* null terminate */
}
{
wchar_t source[100];
wmemset(source, L'C', 100-1); /* fill with L'C's */
source[100-1] = L'\0'; /* null terminate */
/* POTENTIAL FLAW: Possible buffer overflow if source is larger than data */
memcpy(data, source, 100*sizeof(wchar_t));
data[100-1] = L'\0'; /* Ensure the destination buffer is null terminated */
printWLine(data);
free(data);
}
}
/* goodG2B1() - use goodsource and badsink by changing the globalFive==5 to globalFive!=5 */
static void goodG2B1()
{
wchar_t * data;
wchar_t dataBuffer[100];
data = dataBuffer;
if(globalFive!=5)
{
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
printLine("Benign, fixed string");
}
else
{
/* FIX: Initialize data as a small buffer that as small or smaller than the small buffer used in the sink */
wmemset(data, L'A', 50-1); /* fill with L'A's */
data[50-1] = L'\0'; /* null terminate */
}
{
wchar_t dest[50] = L"";
/* POTENTIAL FLAW: Possible buffer overflow if data is larger than dest */
SNPRINTF(dest, wcslen(data), L"%s", data);
printWLine(data);
}
}
/* goodG2B2() - use goodsource and badsink by reversing the blocks in the if statement */
static void goodG2B2()
{
wchar_t * data;
data = NULL; /* Initialize data */
if(5==5)
{
{
/* FIX: data is allocated on the heap and deallocated in the BadSink */
wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t));
if (dataBuffer == NULL)
{
printLine("malloc() failed");
exit(1);
}
wmemset(dataBuffer, L'A', 100-1); /* fill with 'A's */
dataBuffer[100-1] = L'\0'; /* null terminate */
data = dataBuffer;
}
}
printWLine(data);
/* POTENTIAL FLAW: Possibly deallocating memory allocated on the stack */
free(data);
}
/* goodG2B1() - use goodsource and badsink by changing the GLOBAL_CONST_FIVE==5 to GLOBAL_CONST_FIVE!=5 */
static void goodG2B1()
{
wchar_t * data;
data = NULL; /* Initialize data */
if(GLOBAL_CONST_FIVE!=5)
{
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
printLine("Benign, fixed string");
}
else
{
{
/* FIX: data is allocated on the heap and deallocated in the BadSink */
wchar_t * dataBuffer = new wchar_t[100];
wmemset(dataBuffer, L'A', 100-1); /* fill with 'A's */
dataBuffer[100-1] = L'\0'; /* null terminate */
data = dataBuffer;
}
}
printWLine(data);
/* POTENTIAL FLAW: Possibly deallocating memory allocated on the stack */
delete [] data;
}
/* goodG2B1() - use goodsource and badsink by changing the globalTrue to globalFalse */
static void goodG2B1()
{
wchar_t * data;
data = new wchar_t[100];
if(globalFalse)
{
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
printLine("Benign, fixed string");
}
else
{
/* FIX: Initialize data as a small buffer that as small or smaller than the small buffer used in the sink */
wmemset(data, L'A', 50-1); /* fill with L'A's */
data[50-1] = L'\0'; /* null terminate */
}
{
wchar_t dest[50] = L"";
/* POTENTIAL FLAW: Possible buffer overflow if data is larger than sizeof(dest)-wcslen(dest)*/
wcscat(dest, data);
printWLine(data);
delete [] data;
}
}
static void
text_new_line(TW *tw)
{
tw->CursorPos.x = 0;
tw->CursorPos.y++;
if (tw->CursorPos.y >= tw->ScreenSize.y) {
int i = tw->ScreenSize.x * (tw->ScreenSize.y - 1);
memmove(tw->ScreenBuffer, tw->ScreenBuffer+tw->ScreenSize.x,
i * CHARSIZE);
#ifdef WINDOWS_NO_UNICODE
memset(tw->ScreenBuffer + i, ' ', tw->ScreenSize.x);
#else
wmemset(tw->ScreenBuffer + i, ' ', tw->ScreenSize.x);
#endif
tw->CursorPos.y--;
ScrollWindow(tw->hwnd,0,-tw->CharSize.y,NULL,NULL);
UpdateWindow(tw->hwnd);
}
if (tw->CursorFlag)
text_to_cursor(tw);
/* TextMessage(); */
}
/* Put the local names of weekdays into the wds. */
void
mkweekdays(struct weekdays *wds)
{
int i, len, width = 0;
struct tm tm;
wchar_t buf[20];
memset(&tm, 0, sizeof(tm));
for (i = 0; i != 7; i++) {
tm.tm_wday = (i+1) % 7;
wcsftime(buf, sizeof(buf), L"%a", &tm);
for (len = 2; len > 0; --len) {
if ((width = wcswidth(buf, len)) <= 2)
break;
}
wmemset(wds->names[i], L'\0', 4);
if (width == 1)
wds->names[i][0] = L' ';
wcsncat(wds->names[i], buf, len);
wcsncat(wds->names[i], L" ", 1);
}
}
/* goodG2B() uses the GoodSource with the BadSink */
static void goodG2B()
{
wchar_t * data;
CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memcpy_34_unionType myUnion;
wchar_t dataBadBuffer[50];
wchar_t dataGoodBuffer[100];
/* FIX: Set a pointer to a "large" buffer, thus avoiding buffer overflows in the sinks. */
data = dataGoodBuffer;
data[0] = L'\0'; /* null terminate */
myUnion.unionFirst = data;
{
wchar_t * data = myUnion.unionSecond;
{
wchar_t source[100];
wmemset(source, L'C', 100-1); /* fill with L'C's */
source[100-1] = L'\0'; /* null terminate */
/* POTENTIAL FLAW: Possible buffer overflow if the size of data is less than the length of source */
memcpy(data, source, 100*sizeof(wchar_t));
data[100-1] = L'\0'; /* Ensure the destination buffer is null terminated */
printWLine(data);
}
}
}
/* goodG2B uses the GoodSource with the BadSink */
void goodG2BSink(void * dataVoidPtr)
{
/* cast void pointer to a pointer of the appropriate type */
wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr;
/* dereference dataPtr into data */
wchar_t * data = (*dataPtr);
{
size_t i, destLen;
wchar_t dest[100];
wmemset(dest, L'C', 100-1);
dest[100-1] = L'\0'; /* null terminate */
destLen = wcslen(dest);
/* POTENTIAL FLAW: using length of the dest where data
* could be smaller than dest causing buffer overread */
for (i = 0; i < destLen; i++)
{
dest[i] = data[i];
}
dest[100-1] = L'\0';
printWLine(dest);
delete [] data;
}
}