From 4d5b689b62620055549e94fe93045539b5764196 Mon Sep 17 00:00:00 2001
From: an7s <an7s@git.zephyr-software.com>
Date: Mon, 10 Oct 2011 14:23:39 +0000
Subject: [PATCH] ...

Former-commit-id: f9124dc3ee3fd86e6a3513f787314e237cac5504
---
 .gitattributes                                |  2 +
 .../CWE_191/CWE_191_Example_1_bad.c           | 43 +++++++++++++++++++
 .../CWE_191/CWE_191_Example_2_bad.c           | 43 +++++++++++++++++++
 3 files changed, 88 insertions(+)
 create mode 100644 examples/integerbugs/C1_Number_Handling/CWE_191/CWE_191_Example_1_bad.c
 create mode 100644 examples/integerbugs/C1_Number_Handling/CWE_191/CWE_191_Example_2_bad.c

diff --git a/.gitattributes b/.gitattributes
index ef5d21335..48830da6d 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -171,6 +171,8 @@ examples/integerbugs/C1_Number_Handling/CWE_190/bad.dat -text
 examples/integerbugs/C1_Number_Handling/CWE_190/data.txt -text
 examples/integerbugs/C1_Number_Handling/CWE_190/modular_bug_finding_example_1.c -text
 examples/integerbugs/C1_Number_Handling/CWE_190/modular_bug_finding_example_2.c -text
+examples/integerbugs/C1_Number_Handling/CWE_191/CWE_191_Example_1_bad.c -text
+examples/integerbugs/C1_Number_Handling/CWE_191/CWE_191_Example_2_bad.c -text
 examples/integerbugs/C1_Number_Handling/CWE_194/CVE-2007-4988_CWE_194_ImageMagick/CVE-2007-4988_CWE_194_ImageMagick.docx -text
 examples/integerbugs/C1_Number_Handling/CWE_194/CVE-2007-4988_CWE_194_ImageMagick/ImageMagick-6.3.4-10.tar.gz -text
 examples/integerbugs/C1_Number_Handling/CWE_194/CWE_194_Example_1_bad.c -text
diff --git a/examples/integerbugs/C1_Number_Handling/CWE_191/CWE_191_Example_1_bad.c b/examples/integerbugs/C1_Number_Handling/CWE_191/CWE_191_Example_1_bad.c
new file mode 100644
index 000000000..9d3108a3a
--- /dev/null
+++ b/examples/integerbugs/C1_Number_Handling/CWE_191/CWE_191_Example_1_bad.c
@@ -0,0 +1,43 @@
+/*
+Integer Underflow (Wrap or Wraparound)
+
+Description Summary
+The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. 
+
+Extended Description
+This can happen in signed and unsigned cases. 
+
+Example 1
+The following example has an integer underflow. The value of i is already at the lowest negative value possible. The new value of i is 2147483647.
+(Bad Code)Example Language: C 
+
+@GOOD_ARGS 50
+@BAD_ARGS -2147483648
+@NORMAL_OUTPUT_CONTAINS N = 49
+@ATTACK_SUCCEEDED_OUTPUT_CONTAINS N = 214
+
+// bjm remove exit   TTACK_SUCCEEDED_CODE 1
+
+*/
+
+#include <stdio.h>
+#include <stdbool.h>
+#include <stdlib.h>
+#include <limits.h>
+#ifdef ASSERT
+  #include <assert.h>
+#endif
+
+main (int argc, char ** argv)
+{
+  if (argc < 2) exit(2);
+  int i = atoi(argv[1]);
+
+  i = i - 1;
+#ifdef ASSERT
+assert(atoi(argv[1])>INT_MIN);
+#endif
+  printf("N = %d\n", i);
+  exit(0);
+}
+   
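Review bot: The `assert(atoi(argv[1])>INT_MIN);` guard in `main` sits after `i = i - 1;`, so in an ASSERT build the signed underflow has already executed before the check runs; moving the `#ifdef ASSERT` block above the subtraction would make the guard precede the operation it protects. Signed overflow is undefined behaviour in C, so the `@ATTACK_SUCCEEDED_OUTPUT_CONTAINS N = 214` expectation holds only where the compiler happens to wrap. A header line such as `Expected wrap assumes two's-complement wrapping (e.g. built with -fwrapv); the subtraction is undefined behaviour in ISO C.` would tell whoever maintains the test harness why the result can change with compiler or optimisation level. `main` is also declared without a return type, which C99 and later reject; `int main(int argc, char **argv)` is the portable spelling, and the same applies to CWE_191_Example_2_bad.c.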
diff --git a/examples/integerbugs/C1_Number_Handling/CWE_191/CWE_191_Example_2_bad.c b/examples/integerbugs/C1_Number_Handling/CWE_191/CWE_191_Example_2_bad.c
new file mode 100644
index 000000000..21c6be8f5
--- /dev/null
+++ b/examples/integerbugs/C1_Number_Handling/CWE_191/CWE_191_Example_2_bad.c
@@ -0,0 +1,43 @@
+/*
+Integer Underflow (Wrap or Wraparound)
+
+Description Summary
+The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. 
+
+Extended Description
+This can happen in signed and unsigned cases. 
+
+Example 1
+The following example has an integer underflow. The value of i is already at the lowest negative value possible. The new value of i is 2147483647.
+(Bad Code)Example Language: C 
+
+@GOOD_ARGS 50
+@BAD_ARGS 0
+@NORMAL_OUTPUT_CONTAINS N = 49
+@ATTACK_SUCCEEDED_OUTPUT_CONTAINS N = 429
+// bjm removed for grace TTACK_SUCCEEDED_CODE 1
+
+*/
+
+#include <stdio.h>
+#include <stdbool.h>
+#include <stdlib.h>
+#ifdef ASSERT
+  #include <assert.h> 
+#endif
+
+main (int argc, char **argv)
+{
+  if (argc < 2) exit(2);
+  unsigned int j = atoi(argv[1]);
+  j = j - 1;
+
+#ifdef ASSERT
+  assert(isdigit(argv[1][0]));  
+  assert(atoi(argv[1])>0);
+#endif
+
+  printf("N = %u\n", j);
+  exit(0);
+}
+   
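Review bot: The header comment in this file appears to be carried over from Example 1 and does not describe the code below it: it talks about `i` at the lowest negative value wrapping to 2147483647, whereas this case subtracts from `unsigned int j` with `@BAD_ARGS 0` and expects output containing `N = 429`. Relabelling it `Example 2` and wording it as `The value of j is 0, the lowest unsigned value; after j - 1 it wraps to UINT_MAX (4294967295 with a 32-bit unsigned int).` would match the test annotations. In the ASSERT build `isdigit` is called without `#include <ctype.h>`, and its argument should be `(unsigned char)argv[1][0]` because passing a negative `char` is undefined. Both asserts also run after `j = j - 1;`, so they record the precondition rather than stop the wrap from happening.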
-- 
GitLab