
pscan - Format string security checker for C source code

Author

       Alan DeKok <aland@ox.org>

                                                                                                        PSCAN(1)

Description

pscan  is  a  source  code  analysis  tool designed to highlight potentially dangerous uses of
       variadic functions such as "printf", "syslog", etc.  The scan works by looking for one of a list of
       problem functions and applying the following rule:

       IF the last parameter of the function is the format string, AND the format string is NOT a static string,
       THEN complain.

       A format string that is not a compile-time constant may carry conversion directives chosen by whoever
       controls its contents (for example "%x" to read values off the stack, or "%n" to write to memory), which
       is why such calls are reported even when the surrounding code looks harmless.
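       The rule above, as an added example that is not pscan's own code: a minimal checker that finds calls to
       a small table of functions (the table and its format-argument positions are assumptions chosen for this
       illustration), extracts the format argument while respecting nested parentheses and string literals, and
       complains when that argument does not start with a double quote. The sample lines it scans are
       constructed here; one of them is the sprintf/getenv call from the Limitations section below, which is
       correctly left alone because its format is a literal.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Checked functions and the 0-based index of their format argument.
 * Assumed table for illustration; pscan's own list may differ. */
struct fmt_func { const char *name; int fmt_index; };
static const struct fmt_func FUNCS[] = {
    { "printf",   0 }, { "fprintf", 1 }, { "sprintf",  1 },
    { "snprintf", 2 }, { "syslog",  1 }, { "vprintf",  0 },
};

/* p points at '('. Return the matching ')' or NULL, skipping nested
 * parentheses and the contents of string literals. */
static const char *match_paren(const char *p) {
    int depth = 0, in_str = 0;
    for (; *p; p++) {
        if (in_str) {
            if (*p == '\\' && p[1]) p++;        /* skip escaped character */
            else if (*p == '"') in_str = 0;
            continue;
        }
        if (*p == '"') in_str = 1;
        else if (*p == '(') depth++;
        else if (*p == ')' && --depth == 0) return p;
    }
    return NULL;
}

/* Return a pointer to the start of the n-th top-level argument between
 * open and close (leading whitespace skipped), or NULL if absent. */
static const char *nth_arg(const char *open, const char *close, int n) {
    const char *p = open + 1, *start = p;
    int depth = 0, in_str = 0, idx = 0;
    for (; p < close; p++) {
        if (in_str) {
            if (*p == '\\' && p[1]) p++;
            else if (*p == '"') in_str = 0;
            continue;
        }
        if (*p == '"') in_str = 1;
        else if (*p == '(') depth++;
        else if (*p == ')') depth--;
        else if (*p == ',' && depth == 0) {
            if (idx == n) break;
            idx++;
            start = p + 1;
        }
    }
    if (idx != n) return NULL;                  /* fewer than n+1 arguments */
    while (start < p && isspace((unsigned char)*start)) start++;
    if (start == p) return NULL;                /* empty argument */
    return start;
}

/* The pscan rule: return 1 if the line calls a checked function with a
 * format argument that is not a string literal, 0 otherwise. */
int check_line(const char *line) {
    for (size_t i = 0; i < sizeof FUNCS / sizeof FUNCS[0]; i++) {
        const char *name = FUNCS[i].name;
        size_t len = strlen(name);
        const char *p = line;
        while ((p = strstr(p, name)) != NULL) {
            /* Whole identifier only: "snprintf" must not match "printf". */
            int boundary = (p == line) ||
                           !(isalnum((unsigned char)p[-1]) || p[-1] == '_');
            const char *after = p + len;
            while (isspace((unsigned char)*after)) after++;
            if (!boundary || *after != '(') { p += len; continue; }
            const char *close = match_paren(after);
            if (!close) { p += len; continue; }
            const char *arg = nth_arg(after, close, FUNCS[i].fmt_index);
            if (arg && *arg != '"') return 1;   /* non-static format: complain */
            p = close + 1;
        }
    }
    return 0;
}

/* Constructed sample input, not taken from any real project. */
static const char *SAMPLE[] = {
    "printf(\"hello %s\\n\", name);",                          /* ok: literal format */
    "printf(buf);",                                             /* complain */
    "syslog(LOG_ERR, msg);",                                    /* complain */
    "sprintf(static_buffer, \"%s/.foorc\", getenv(\"HOME\"));", /* ok for pscan (overflow, not format) */
    "snprintf(out, sizeof out, fmt, a, b);",                    /* complain */
    "my_printf(buf);",                                          /* ok: not a checked name */
};

/* Number of sample lines the rule reports. */
int count_flagged(void) {
    int n = 0;
    for (size_t i = 0; i < sizeof SAMPLE / sizeof SAMPLE[0]; i++)
        n += check_line(SAMPLE[i]);
    return n;
}

int main(void) {
    for (size_t i = 0; i < sizeof SAMPLE / sizeof SAMPLE[0]; i++)
        printf("%-9s %s\n", check_line(SAMPLE[i]) ? "COMPLAIN" : "ok", SAMPLE[i]);
    return count_flagged() ? 1 : 0;             /* mirror pscan's exit status */
}
```

       Like pscan, this checker is purely syntactic: a format built from a constant via a macro or a cast is
       still reported, and a literal format with too few arguments is not. Its exit status follows the Return
       Values section: 1 when anything was reported, 0 otherwise.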

Limitations

       The  code  will  not report some potential buffer overflows, because that is not its goal. For example,
       the following code is potentially dangerous:

         sprintf(static_buffer, "%s/.foorc", getenv("HOME"));

       This code could cause an issue as there is no immediately obvious bounds checking (the length of $HOME
       is never compared against the size of static_buffer). However, it is a safe usage with regard to format
       strings: the format is a static string, so pscan does not report it.

Name

       pscan - Format string security checker for C source code

Return Values

       If there are any errors found, pscan exits with status 1.

Synopsis

pscan [options]

See Also