https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106235
Bug ID: 106235 Summary: RFE: -fanalyzer could complain about tainted data triggering assertion failure Product: gcc Version: 12.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: analyzer Assignee: dmalcolm at gcc dot gnu.org Reporter: dmalcolm at gcc dot gnu.org Target Milestone: --- CWE-617: Reachable Assertion: https://cwe.mitre.org/data/definitions/617.html "The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary." (e.g. remote triggering of denial-of-service) Perhaps -fanalyzer could identify assertion failure routines, and see if tainted data is used in an assertion. Presumably we'd want to see if a conditional guarding an assertion handler involves tainted data. Not sure if this is fully implementable; e.g. what to do about non-trivial conditionals? (and how much can we reconstruct about "is this an assertion" vs "is this a regular conditional" given how late we run)