[LLVMbugs] [Bug 11053] New: Checker should warn against any use of vfork()
bugzilla-daemon at llvm.org
Mon Oct 3 05:24:18 PDT 2011
http://llvm.org/bugs/show_bug.cgi?id=11053
Summary: Checker should warn against any use of vfork()
Product: clang
Version: trunk
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P
Component: Static Analyzer
AssignedTo: kremenek at apple.com
ReportedBy: graham at fuzzyaliens.com
CC: llvmbugs at cs.uiuc.edu
Created an attachment (id=7391)
--> (http://llvm.org/bugs/attachment.cgi?id=7391)
Patch adds use of vfork() as a security issue.
According to SEI CERT guideline POS33-C[*], vfork(2) should not be used due to
potential denial of service issues and undefined behaviour across different
implementations. The attached patch adds a check to
experimental.security.SecuritySyntactic to detect and report an issue on use of
vfork().
[*]
https://www.securecoding.cert.org/confluence/display/seccode/POS33-C.+Do+not+use+vfork%28%29
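Added example, not part of the bug report or the attached patch: the kind of vfork() call site the proposed check would report (shown only as a comment), next to a vfork()-free form built on fork(). The helper names `run_child` and `log_attempt` are hypothetical, and `/bin/sh` is assumed to exist.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pattern a vfork() check would report (not compiled here):
 *
 *     pid_t pid = vfork();
 *     if (pid == 0) {
 *         log_attempt(path);   // calling anything but exec or _exit: undefined
 *         execv(path, argv);
 *         return -1;           // returning from vfork()'s caller: undefined
 *     }
 *
 * POSIX leaves the behaviour undefined when the vfork() child modifies data
 * other than the pid_t holding the return value, returns from the calling
 * function, or calls any function other than _exit() or an exec function.
 */

/* run_child (hypothetical helper): run argv[0] via fork() + execv().
 * Returns the child's exit status, or -1 on fork/wait failure or if the
 * child was killed by a signal. */
int run_child(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;              /* fork failed; errno is set */
    if (pid == 0) {
        /* The child owns a copy of the address space, so the restrictions
         * listed above do not apply here. */
        execv(argv[0], argv);
        _exit(127);             /* exec failed; skip the parent's atexit handlers */
    }
    int status;
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)     /* retry only when interrupted by a signal */
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *const argv[] = { "/bin/sh", "-c", "exit 7", NULL };  /* constructed input */
    printf("child exit status: %d\n", run_child(argv));
    return 0;
}
```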