pscan
Language: en
Version: 250269 (debian - 07/07/09)
Section: 1 (User commands)

NAME
pscan - Format string security checker for C source code

SYNOPSIS
pscan [options]

DESCRIPTION
pscan is a source code analysis tool designed to highlight potentially dangerous uses of variadic functions such as "printf", "syslog", etc. The scan works by looking for one of a list of problem functions and applying the following rule:

IF the last parameter of the function is the format string, AND the format string is NOT a static string, THEN complain.

LIMITATIONS
The code will not report on some potential buffer overflows, because that is not its goal. For example, the following code is potentially dangerous:

    sprintf(static_buffer, "%s/.foorc", getenv("HOME"));

This code could cause an issue as there is no immediately obvious bounds checking. However, it is a safe usage with regards to format strings.

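The rule stated under DESCRIPTION and the LIMITATIONS case above, as an added Python illustration that is not part of pscan or of this manual page: a small scanner applying the same heuristic (format argument is the last argument and is not a string literal) to a constructed C fragment. The table of problem functions and the C sample are assumptions made for this example; pscan's real function list and parsing are not shown here.

```python
import re
# Constructed table: problem functions and the 0-based index of their format argument.
FORMAT_ARG_INDEX = {"printf": 0, "fprintf": 1, "sprintf": 1, "snprintf": 2,
                    "syslog": 1, "vprintf": 0, "vfprintf": 1, "vsprintf": 1}
CALL_RE = re.compile(r"\b(" + "|".join(FORMAT_ARG_INDEX) + r")\s*\(")
def split_args(text, start):
    """Top-level args of the call whose '(' is at text[start]; None if unterminated."""
    args, cur, depth, in_str, i = [], [], 0, False, start
    while i < len(text):
        ch = text[i]
        if in_str:                              # inside a "..." literal
            cur.append(ch)
            if ch == "\\" and i + 1 < len(text):  # keep escaped char with its backslash
                i += 1; cur.append(text[i])
            elif ch == '"': in_str = False
        elif ch == '"':
            in_str = True; cur.append(ch)
        elif ch in "([{":
            depth += 1
            if depth > 1: cur.append(ch)        # the call's own '(' is not part of an arg
        elif ch in ")]}":
            depth -= 1
            if depth == 0: return args + ["".join(cur).strip()]
            cur.append(ch)
        elif ch == "," and depth == 1:          # argument separator at top level
            args.append("".join(cur).strip()); cur = []
        else:
            cur.append(ch)
        i += 1
    return None
def is_static_string(arg):
    """True when the argument is one or more adjacent C string literals."""
    return re.fullmatch(r'(\s*"(?:[^"\\]|\\.)*"\s*)+', arg) is not None
def scan_c_source(src):
    """pscan's rule: complain when the format argument is the LAST argument and is not static."""
    findings = []                               # (line, function, format argument)
    for m in CALL_RE.finditer(src):
        func, idx = m.group(1), FORMAT_ARG_INDEX[m.group(1)]
        args = split_args(src, m.end() - 1)
        if args and len(args) == idx + 1 and not is_static_string(args[idx]):
            findings.append((src.count("\n", 0, m.start()) + 1, func, args[idx]))
    return findings
# Constructed C fragment (not a real program); line numbers start at 1.
SAMPLE_C = '''\
    printf(user_input);                                   /* line 1: flagged */
    printf("%s", user_input);                             /* ok: static format */
    syslog(LOG_INFO, user_input);                         /* line 3: flagged */
    sprintf(static_buffer, "%s/.foorc", getenv("HOME"));  /* man page's case: not flagged */
    printf(user_input, 1, 2);                             /* not flagged: format is not last */'''
```

Running scan_c_source(SAMPLE_C) reports only lines 1 and 3; the sprintf line passes the format-string rule exactly as the LIMITATIONS section describes, and the last printf shows that the rule only fires when the format is the final argument.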
RETURN VALUES
If there are any errors found, pscan exits with status 1.

AUTHOR
Alan DeKok <aland@ox.org>