Hello, Some months ago I announced the C Code Analyzer, a static analysis tool for detecting potential security problems in C source code. I released the source code of CCA today.
Current features are: - fully automatic user input tracer - potential bufferoverflow detection - memory leak detection - multiple/dangling free detection - array out of bound accesses - eclipse frontend plugin If you are interested, visit http://www.drugphish.ch/~jonny/cca.html More information, example sessions detecting bufferoverflows in real applications and screenshots of the plugin are available on the page. -- ACF8 4AC4 E7E4 1C72 44C5 4E55 2CF0 79E9 84B6 4AD3 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/