Bug#228552: ITP: pscan -- Format string security checker for C files
On Sat, Jan 31, 2004 at 07:12:01PM +0100, Florian Weimer wrote:
> > This program will scan source files for code which uses
> > variadic functions and warn of potential abuses. It's a useful
> > tool for those performing source code audits.
>
> How does this tool compare to the various -Wformat options in recent GCC
> versions?
I believe this is more comprehensive as it knows about a lot of
functions and can be given lists of new ones which gcc knows nothing
about.

However I've not used the -Wformat options extensively, and they are
both aimed at a different market. pscan is aimed more at static
analysis of source files whereas GCC can only be used to build the
program. (Which may be difficult if the necessary development
libraries are not installed, for example).
Steve
---
# Debian Security Audit Project
http://www.steve.org.uk/Debian/
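
Added example, not part of the original message and not pscan's code: a Python illustration of the kind of check discussed in this thread, flagging calls where the format argument of a listed function is not a string literal. The function table, the `log_msg` wrapper and the C fragment are constructed for illustration; character literals, comments and declarations are assumed absent from the input.

```python
import re

# Constructed table (log_msg is a hypothetical local wrapper): name -> format-argument index.
FORMAT_FUNCS = {"printf": 0, "fprintf": 1, "syslog": 1, "snprintf": 2, "log_msg": 1}

# Constructed C fragment (calls only; declarations are not handled here).
SAMPLE_C = r'''
void handle(const char *user_input, int fd)
{
    printf("%s\n", user_input);
    printf(user_input);
    syslog(LOG_ERR, user_input);
    log_msg(LOG_ERR, "bad request on fd %d", fd);
    log_msg(LOG_ERR, user_input);
    snprintf(buf, sizeof(buf), "%s", strerror(errno));
}
'''

def split_args(src, pos):
    """Split a call's arguments at top-level commas; pos is just past '('."""
    args, cur, depth, in_str = [], "", 0, False
    while pos < len(src):
        ch = src[pos]
        if not in_str and depth == 0 and ch in ",)":
            args.append(cur.strip())
            if ch == ")":
                return args
            cur = ""
        else:
            if in_str and ch == "\\":      # copy an escaped character verbatim
                pos += 1
                ch += src[pos:pos + 1]
            elif ch == '"':
                in_str = not in_str
            elif not in_str:               # track nested parentheses
                depth += {"(": 1, ")": -1}.get(ch, 0)
            cur += ch
        pos += 1
    return args  # unterminated call: return what was parsed

def scan(src, funcs=FORMAT_FUNCS):
    """Return (line, function, argument) for each non-literal format argument."""
    call = re.compile(r"\b(" + "|".join(map(re.escape, funcs)) + r")\s*\(")
    findings = []
    for m in call.finditer(src):
        args, idx = split_args(src, m.end()), funcs[m.group(1)]
        if idx < len(args) and not args[idx].startswith('"'):
            findings.append((src.count("\n", 0, m.start()) + 1, m.group(1), args[idx]))
    return findings
```

Calling `scan(SAMPLE_C)` reports lines 5, 6 and 8; scanning with a table that lacks `log_msg` drops the line 8 finding, which is why a user-extensible function list matters for project-local wrappers.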