Write or BOF on dynamically-allocated memory. See the code snippet as follows:
/* test case 3 : out-of-bounds : write overflow [on dynamic memory] */static void write_overflow_dynmem(void){ char *dest, src[] = "abcd56789"; dest = malloc(8); if (!dest) FATAL("malloc failed\n"); strcpy(dest, src); /* Bug: write overflow */ free(dest);}
Again, no compile or runtime detection of the bug occurs:
$ ./membugs 3$ ./membugs 3 << try once more >>$