man pscan (Commandes) - Format string security checker for C source code

NAME

pscan - Format string security checker for C source code

SYNOPSIS

pscan [options] pscan is a source code analysis tool which is designed to highlight potentially dangerous uses of variadic functions such as "printf", "syslog", etc.

DETAILS

The scan works by looking for a one of a list of problem functions, and applying the following rule: IF the last parameter of the function is the format string, AND the format string is NOT a static string, THEN complain.

LIMITATIONS

The code will not report on some potention buffer overflows, because that is not its goal. For example the following code is potential dangerous: sprintf( static_buffer, "%s/.foorc", getenv("HOME") ); This code could cause an issue as there is no immediately obvious bounds checking. However this is a safe usages with regards to format strings.

RETURN VALUES

If there are any errors found, pscan exits with status 1.

AUTHOR Alan DeKok <aland@ox.org>

Sections du manuel

Commandes
- rtl
- sr
- p
- WN
- l
- L
- fun
- emacs21
- m
- cn
- emacs-snapshot
- X
- gmt
- grass
- ssl
- 7
- a
- x
- osd_clock
- posix
- nas
- PVM
- pccts
Appels systèmes
Fonctions bibliothèques
Fichiers spéciaux
Formats
Jeux
Conventions
Administration système
Fonctions noyau
Nouveau

cd ~tigrou/pwet.fr/man/linux/Commandes/pscan