id: "c-memcpy-overflow:001"
language: c
project: memcpy-overflow
version: "1.0.0"
description: "Potential overflow: user-controlled length passed to memcpy without bounds."
entrypoints:
  - "process_buffer(len)"
sinks:
  - id: "Overflow::process"
    path: "src/main.c::process"
    kind: "memory"
    location:
      file: src/main.c
      line: 23
    notes: "memcpy uses attacker-controlled length; reachable via process_buffer."
environment:
  os_image: "gcc:13-bookworm"
  runtime:
    gcc: "13"
  source_date_epoch: 1730000000
build:
  command: "./build/build.sh"
  source_date_epoch: 1730000000
  outputs:
    artifact_path: outputs/binary.tar.gz
    coverage_path: outputs/coverage.json
    traces_path: outputs/traces/traces.json
test:
  command: "./tests/run-tests.sh"
  expected_coverage:
    - outputs/coverage.json
  expected_traces:
    - outputs/traces/traces.json
ground_truth:
  summary: "Calling process_buffer with len>256 drives memcpy with attacker length (reachable)."
  evidence_files:
    - "../../../benchmark/truth/c-memcpy-overflow.json"