https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106021

            Bug ID: 106021
           Summary: RFE: more sources of taint: scanf and its cousins
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
  Target Milestone: ---

scanf and its cousins should taint their arguments:

       #include <stdio.h>

       int scanf(const char *format, ...);
       int fscanf(FILE *stream, const char *format, ...);
       int sscanf(const char *str, const char *format, ...);

       #include <stdarg.h>

       int vscanf(const char *format, va_list ap);
       int vsscanf(const char *str, const char *format, va_list ap);
       int vfscanf(FILE *stream, const char *format, va_list ap);

Possibly add/reuse an attribute for this, or hardcode it.

Additionally, we should probably "teach" the analyzer about the semantics of
them (possibly by refactoring the -Wformat code?)
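
Added example, not part of the original report or of GCC's own code: the kind of flow the request is about, with a value written by `sscanf` used as an array index unchecked, shown next to a form that checks the conversion count and bounds first. The table `slots`, the function names and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

#define N_SLOTS 8
static const int slots[N_SLOTS] = {10, 11, 12, 13, 14, 15, 16, 17};

/* Unchecked form: idx is written by sscanf() from external text and then
   used directly as an array index. If the scanf family were a taint
   source, idx would be tainted at the point of use. */
int lookup_unchecked(const char *line)
{
    int idx = 0;
    (void)sscanf(line, "%d", &idx); /* return value ignored, idx unvalidated */
    return slots[idx];              /* out of bounds if idx < 0 or idx >= 8 */
}

/* Hardened form: confirm the conversion happened, then bound the value
   before use. Returns 0 on success, -1 on rejected input. */
int lookup_checked(const char *line, int *out)
{
    int idx;
    if (line == NULL || out == NULL)
        return -1;
    if (sscanf(line, "%d", &idx) != 1)
        return -1;                  /* no conversion: idx was never written */
    if (idx < 0 || idx >= N_SLOTS)
        return -1;                  /* sanitise before indexing */
    *out = slots[idx];
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = {"3", "7", "8", "-1", "abc", ""};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int v;
        if (lookup_checked(samples[i], &v) == 0)
            printf("\"%s\" -> %d\n", samples[i], v);
        else
            printf("\"%s\" rejected\n", samples[i]);
    }
    return 0;
}
```

To try it against the analyzer, compile with `gcc -fanalyzer -fanalyzer-checker=taint`; whether `lookup_unchecked` is reported (for example under `-Wanalyzer-tainted-array-index`) depends on the analyzer treating `sscanf` as a taint source, which is what this report requests.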
