https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106006
Bug ID: 106006
Summary: RFE: analyzer should treat data from a socket as "tainted"
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---

These functions should taint the buffers they write to:

    ssize_t recv(int sockfd, void *buf, size_t len, int flags);
    ssize_t recvfrom(int sockfd, void *buf, size_t len, int flags,
                     struct sockaddr *src_addr, socklen_t *addrlen);
    ssize_t recvmsg(int sockfd, struct msghdr *msg, int flags);

Perhaps we could add/reuse an attribute for this, or hardcode the knowledge in the analyzer.
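The kind of code this request is about, as an added example that is not part of the bug report or of GCC: a value filled in by recv() is used as an array index, first without and then with a bounds check. The wire format, `struct request`, `table`, the `lookup_*` functions and `run_with_slot` are hypothetical names, and the input is constructed locally over a socketpair.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed wire format (assumption): a request names one table slot. */
struct request { uint32_t slot; };
static const int table[4] = { 10, 20, 30, 40 };

/* Unchecked: recv() filled req, so the peer controls the array index. */
int lookup_unchecked(int sockfd)
{
    struct request req;
    if (recv(sockfd, &req, sizeof req, MSG_WAITALL) != (ssize_t)sizeof req)
        return -1;
    return table[req.slot];
}

/* Checked: the bounds test validates the received value before indexing. */
int lookup_checked(int sockfd)
{
    struct request req;
    if (recv(sockfd, &req, sizeof req, MSG_WAITALL) != (ssize_t)sizeof req)
        return -1;
    if (req.slot >= sizeof table / sizeof table[0])
        return -1;
    return table[req.slot];
}

/* Sends one constructed request over a local socketpair and runs fn on it. */
int run_with_slot(int (*fn)(int), uint32_t slot)
{
    int sv[2], result = -1;
    struct request req = { slot };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    if (send(sv[0], &req, sizeof req, 0) == (ssize_t)sizeof req)
        result = fn(sv[1]);
    close(sv[0]);
    close(sv[1]);
    return result;
}

int main(void)
{
    printf("%d %d\n", run_with_slot(lookup_checked, 2), run_with_slot(lookup_checked, 9));
    return 0;
}
```

With recv() treated as a taint source, `lookup_unchecked` is the function a taint checker would be expected to report, while the comparison in `lookup_checked` bounds the value first.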