[splint-discuss] detecting buffer overflows
Thomas
tom at electric-sheep.org
Thu May 15 04:55:00 PDT 2008
On Thursday, 15 May 2008, Bill Pringlemeir wrote:
>
> Try this command, "splint +strict bof_static.c". Some of the
> detections that you might think are easy can do the following,
Unfortunately it does not report fewer false negatives.
> 1) Introduce many false positives.
Yes, it shows really strange messages, like printf() modifying the
file system state.
> 3) Add little value to realistic code samples.
Some new warnings are really interesting. For example, if a parameter
of type size_t of calloc() is a variable of type int. This is a very realistic
problem for spotting exploitable heap overflows due to integer overflow / sign issues.
> I think with +strict many of the errors are flagged. There is also
> '+strictposixlib' (or some such) which might have more stringent
> standard library annotations.
Hm, doesn't help.
> Finally, I am not quite sure if some of your loops are infinite. A
> good warning might be "loop terminates after overflow" for some of
> them.
How can this be enabled? And what kind of overflow?
> fwiw,
> Bill Pringlemeir.
Bye
Thomas
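As an added example (not code from the thread or from splint) of the calloc() size_t/int issue Thomas mentions: the unchecked allocator beside a checked one that rejects negative and oversized counts before they reach calloc(). `struct record`, the function names and the caller-supplied `max_records` bound are constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Record type used by both allocators (constructed for this example). */
struct record { char name[32]; int value; };

/* The pattern splint +strict flags: an int flows into calloc's size_t
 * parameter. A negative count is implicitly converted to a huge size_t, and a
 * count computed with int arithmetic may already have wrapped before it gets
 * here, so a "small" allocation can be far larger or smaller than intended. */
struct record *alloc_records_unchecked(int count)
{
    return calloc(count, sizeof(struct record));   /* implicit int -> size_t */
}

/* Hardened variant: validate the count before it reaches calloc.
 * Returns 0 and sets *out on success; returns -1 (with *out == NULL) on a
 * negative count, a count above the caller's policy bound, a product that
 * would not fit in size_t, or an allocation failure. */
int alloc_records_checked(int count, size_t max_records, struct record **out)
{
    *out = NULL;
    if (count < 0)
        return -1;                          /* sign issue: reject outright */
    if ((size_t)count > max_records)
        return -1;                          /* caller-chosen upper bound */
    if ((size_t)count > SIZE_MAX / sizeof(struct record))
        return -1;                          /* multiplication would wrap */
    *out = calloc((size_t)count, sizeof(struct record));
    return *out ? 0 : -1;
}

/* Make the implicit conversion visible: what calloc really receives. */
size_t count_as_seen_by_calloc(int count)
{
    return (size_t)count;
}

/* Convenience wrapper for the checked path: 1 if the count is accepted
 * and the allocation succeeds, 0 otherwise. */
int checked_alloc_accepts(int count, size_t max_records)
{
    struct record *r = NULL;
    int rc = alloc_records_checked(count, max_records, &r);
    free(r);
    return rc == 0;
}
```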