
Bug#228552: ITP: pscan -- Format string security checker for C files



On Sat, Jan 31, 2004 at 07:12:01PM +0100, Florian Weimer wrote:

> >  This program will scan source files for code which uses
> >  variadic functions and warn of potential abuses; it's a useful
> >  tool for those performing source code audits.
> 
> How does this tool compare to the various -Wformat options in recent GCC
> versions?

  I believe this is more comprehensive as it knows about a lot of
 functions and can be given lists of new ones which gcc knows nothing
 about.

  However I've not used the -Wformat options extensively, and they are
 both aimed at a different market.  pscan is aimed more at static
 analysis of source files whereas GCC can only be used to build the
 program.  (Which may be difficult if the necessary development
 libraries are not installed, for example).

Steve
---
# Debian Security Audit Project
http://www.steve.org.uk/Debian/
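
An added illustration, not part of the original message and not pscan's code: a minimal source-level check of the kind discussed, flagging calls to a user-extensible list of printf-style functions whose format argument is not a string literal. The function table, the `log_msg` wrapper name and the C sample are constructed for this example.

```python
import re

# Function name -> zero-based index of its format argument (assumed table, not pscan's list).
FORMAT_FUNCS = {"printf": 0, "fprintf": 1, "sprintf": 1, "snprintf": 2, "syslog": 1}

def call_args(src, pos):
    """Split the argument list that starts at src[pos] (just after '(') on top-level commas."""
    args, cur, depth, in_str = [], "", 0, False
    while pos < len(src):
        c = src[pos]
        if in_str:
            if c == "\\":                    # keep escapes such as \" inside a literal
                cur += src[pos:pos + 2]
                pos += 2
                continue
            in_str = c != '"'
            cur += c
        elif c == ")" and depth == 0:        # closing paren of the call itself
            break
        elif c == "," and depth == 0:
            args.append(cur.strip())
            cur = ""
        else:                                # comments and char literals are not handled
            in_str = c == '"'
            depth += (c in "([") - (c in ")]")
            cur += c
        pos += 1
    args.append(cur.strip())
    return args

def scan(src, funcs=FORMAT_FUNCS):
    """Return (line, function) for each call whose format argument is not a string literal."""
    pattern = re.compile(r"\b(%s)\s*\(" % "|".join(map(re.escape, funcs)))
    findings = []
    for m in pattern.finditer(src):
        args = call_args(src, m.end())
        idx = funcs[m.group(1)]
        if len(args) > idx and args[idx] and not args[idx].startswith('"'):
            findings.append((src.count("\n", 0, m.start()) + 1, m.group(1)))
    return findings

# Constructed C input; log_msg is a hypothetical project-specific printf-style wrapper.
SAMPLE_C = r'''void handle(const char *user, char *buf, size_t n) {
    printf("hello %s\n", user);
    printf(user);
    snprintf(buf, n, user);
    log_msg("user=%s", user);
    log_msg(user);
}'''
```

Calling `scan(SAMPLE_C)` reports the `printf` and `snprintf` calls on lines 3 and 4; passing `{**FORMAT_FUNCS, "log_msg": 0}` as the second argument also reports the wrapper call on line 6.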


