
List:       cfe-dev
Subject:    Re: [cfe-dev] [PATCH] Bug 18412 - Warn on scanf string format no field limits
From:       Justin Bogner <mail () justinbogner ! com>
Date:       2014-01-31 2:43:00
Message-ID: m2mwicg9cb.fsf () chronotis ! apple ! com

Zach Davis <zdavkeos@gmail.com> writes:
> I have been working on a patch for bug 18412 "CVE-2013-6462:
> scanf %s should always have field limits" and was hoping to get
> some comments.
>
> The patch generates a bug report when a *scanf function uses %s
> without a field width.   It generates a warning from the compiler
> rather than the static analyzer as proposed in the bug report.
>
> Questions:
> - Is this a desirable feature (vs. the static analyzer)?
> - Will the false-positive rate be too high?

I suspect that this warning will trigger quite often on code in the
wild. Have you tried compiling any large code bases with this? That's
generally a good way to get an idea of the false positive rate.

> - The warning currently falls under the "FormatSecurity" group,
>   which seems ok except that "FormatSecurity" also falls under
>   the "format-nonliteral" category which is making many unittests
>   fail. Is this behavior intentional?
>
> Example:
>
> 18412.c:9:27: warning: no field width in scanf string format specifier
> (potentially insecure)
>   if (sscanf(line, "name: %s", name) != 1) {
>                           ^~
>
> Zach

_______________________________________________
cfe-dev mailing list
cfe-dev@cs.uiuc.edu
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
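A worked illustration of what the proposed warning targets, added here and not part of Zach's patch or of clang: a small format-string checker that flags the same pattern the diagnostic reports, and the quoted sscanf call rewritten with a field width tied to the buffer size. NAME_LEN, the checker's handling of `%*s`, and the helper names are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical checker (not clang's code): return 1 if fmt has a %s or %[
 * conversion with no field width, which is what the proposed warning flags.
 * "%%" is a literal percent, "%*s" discards its input, and length modifiers
 * such as "%ls" are skipped before the conversion character is examined. */
int format_has_unbounded_string(const char *fmt)
{
    const char *p = fmt;
    while ((p = strchr(p, '%')) != NULL) {
        p++;
        if (*p == '%') { p++; continue; }       /* escaped percent sign */
        int suppressed = (*p == '*');           /* assignment suppression */
        if (suppressed) p++;
        int has_width = 0;
        while (isdigit((unsigned char)*p)) { has_width = 1; p++; }
        while (*p && strchr("hljztL", *p)) p++; /* length modifiers */
        if ((*p == 's' || *p == '[') && !has_width && !suppressed)
            return 1;
    }
    return 0;
}

/* The sscanf call from the quoted diagnostic, with the field width derived
 * from the buffer size so input cannot overrun `name`. Returns the parsed
 * name (static storage, overwritten on each call) or NULL if no match. */
#define NAME_LEN 63
#define STR_(x) #x
#define STR(x) STR_(x)

const char *parse_name(const char *line)
{
    static char name[NAME_LEN + 1];
    if (sscanf(line, "name: %" STR(NAME_LEN) "s", name) != 1)
        return NULL;
    return name;
}

/* Constructed 200-character name: the width truncates it to NAME_LEN bytes
 * instead of overflowing the buffer. Returns the stored length. */
size_t parse_oversized_name(void)
{
    char line[256] = "name: ";
    memset(line + 6, 'a', 200);
    line[206] = '\0';
    const char *name = parse_name(line);
    return name ? strlen(name) : 0;
}
```

The width makes the overrun impossible but the truncation is silent: the unread tail of an over-long field stays in the input and is consumed by the next conversion, so callers that care about exact lengths still need their own check.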