[llvm-commits] [PATCH] Replace use of sscanf with string object operations

Martinez, Javier E javier.e.martinez at intel.com
Thu Oct 4 00:01:56 PDT 2012


Alex,

> I think … we should discuss what our security goals are.
I agree and I think the best place for that is the dev list. You’re welcome to participate in the thread about how to handle these functions.

> Perhaps before we follow this specific path we should enhance the Clang static analyzer to identify security issues we do care about and get a buildbot running that is checking the surface areas we have identified as needing to be secure for those issues?
Excellent idea and that’s a direction we’re considering for identifying bad uses of memcpy in LLVM.

Thanks,
Javier

From: Alex Rosenberg [mailto:alexr at leftfield.org]
Sent: Wednesday, October 03, 2012 11:07 PM
To: Martinez, Javier E
Cc: llvm-commits at cs.uiuc.edu
Subject: Re: [llvm-commits] [PATCH] Replace use of sscanf with string object operations

This patch reads as a dogmatic response to Visual Studio's bogus "deprecation" complaints.


I think instead of swapping safe uses of one function for other functions simply to avoid specific parts of the standard library, we should discuss what our security goals are. LLVM has a lot of surface area and may be used in a lot of ways. Most conventional use cases of a compiler framework have no need for security, so if we do impose security guidelines, they should be discussed and codified.


Perhaps before we follow this specific path we should enhance the Clang static analyzer to identify security issues we do care about and get a buildbot running that is checking the surface areas we have identified as needing to be secure for those issues?


(Yes, I get that your employer may have some corporate standards you need to meet. Mine does too. Handling those needs in a constructive way is my goal here.)

Sent from my iPad

On Oct 3, 2012, at 9:48 PM, "Martinez, Javier E" <javier.e.martinez at intel.com> wrote:
Hello,

Attached is a patch to remove the use of sscanf. The misuse of some C string functions such as sscanf can cause a security vulnerability. As discussed in the development mailing list, the preference is to use string objects to manipulate strings instead of the C functions.

Please review the patch and commit if the changes are ok.

Thanks,
Javier
<sscanf.patch>