[cfe-dev] [PATCH] Bug 18412 - Warn on scanf string format no field limits
Zach Davis
zdavkeos at gmail.com
Thu Jan 30 14:35:31 PST 2014
Hi all-
I have been working on a patch for bug 18412 "CVE-2013-6462:
scanf %s should always have field limits" and was hoping to get
some comments.
The patch generates a bug report when a *scanf function uses %s
without a field width. It generates a warning from the compiler
rather than the static analyzer as proposed in the bug report.
Questions:
- Is this a desirable feature (vs. the static analyzer)?
- Will the false-positive rate be too high?
- The warning currently falls under the "FormatSecurity" group,
which seems ok except that "FormatSecurity" also falls under
the "format-nonliteral" category which is making many unittests
fail. Is this behavior intentional?
Example:
18412.c:9:27: warning: no field width in scanf string format specifier
(potentially insecure)
if (sscanf(line, "name: %s", name) != 1) {
^~
Zach
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20140130/96f44a80/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 18412.patch
Type: application/octet-stream
Size: 1700 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20140130/96f44a80/attachment.obj>
More information about the cfe-dev
mailing list