pscan(1)                                                              pscan(1)

NAME
       pscan - Format string security checker for C source code

SYNOPSIS
       pscan [options]

DESCRIPTION
       pscan is a source code analysis tool designed to highlight potentially
       dangerous uses of variadic functions such as "printf", "syslog", etc.

       The scan works by looking for one of a list of problem functions and
       applying the following rule:

              IF   the last parameter of the function is the format string,
              AND  the format string is NOT a static string,
              THEN complain.

       The code will not report some potential buffer overflows, because that
       is not its goal. For example, the following code is potentially
       dangerous:

              sprintf( static_buffer, "%s/.foorc", getenv("HOME") );

       This code could cause an issue as there is no immediately obvious
       bounds checking. However, it is a safe usage with regard to format
       strings: the format is a static string, so no attacker-controlled
       conversion specifiers can reach sprintf().
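
       The rule and the limitation above, demonstrated by an added example
       that is not part of pscan's own source: a small Python scanner that
       applies the same test to a constructed C fragment. The function table
       (printf, fprintf, sprintf, snprintf, syslog and the position of their
       format argument) and the sample file are assumptions made for this
       example; pscan's own list of problem functions is not given on this
       page.

```python
"""Re-implementation of the pscan rule described above (added example,
not pscan's own code).  Report a call to a printf-style function when
the format-string argument is the last argument and is not a literal."""
import re

# 0-based position of the format string in each function's argument list.
# Assumed for this example; pscan's real function list is not on the page.
FORMAT_ARG_INDEX = {
    "printf": 0,
    "fprintf": 1,
    "sprintf": 1,
    "snprintf": 2,
    "syslog": 1,
}

# A "static string" is one or more adjacent C string literals.
_STATIC_STRING = re.compile(r'^(?:"(?:[^"\\]|\\.)*"\s*)+$')
_CALL = re.compile(r"\b(" + "|".join(FORMAT_ARG_INDEX) + r")\s*\(")


def is_static_string(arg: str) -> bool:
    return bool(_STATIC_STRING.match(arg.strip()))


def _matching_paren(src: str, start: int) -> int:
    """Index of the ')' closing the '(' just before `start`, skipping
    nested brackets and quoted literals."""
    depth, quote, i = 1, None, start
    while i < len(src):
        ch = src[i]
        if quote:
            if ch == "\\":
                i += 1            # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif ch in "([{":
            depth += 1
        elif ch in ")]}":
            depth -= 1
            if depth == 0:
                return i
        i += 1
    raise ValueError("unbalanced parentheses")


def split_args(arglist: str) -> list[str]:
    """Split a C argument list on top-level commas, ignoring commas inside
    nested brackets and inside string/char literals."""
    args, cur, depth, quote, i = [], [], 0, None, 0
    while i < len(arglist):
        ch = arglist[i]
        cur.append(ch)
        if quote:
            if ch == "\\" and i + 1 < len(arglist):
                cur.append(arglist[i + 1])
                i += 1
            elif ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
        elif ch in "([{":
            depth += 1
        elif ch in ")]}":
            depth -= 1
        elif ch == "," and depth == 0:
            cur.pop()             # drop the separator itself
            args.append("".join(cur).strip())
            cur = []
        i += 1
    tail = "".join(cur).strip()
    if tail or args:
        args.append(tail)
    return args


def scan(source: str) -> list[tuple[int, str, str]]:
    """Return (line, function, format_arg) for every call the rule flags.
    Comments and preprocessor conditionals are not understood, so a call
    inside a comment is reported like any other."""
    findings, pos = [], 0
    while (m := _CALL.search(source, pos)) is not None:
        close = _matching_paren(source, m.end())
        args = split_args(source[m.end():close])
        name = m.group(1)
        idx = FORMAT_ARG_INDEX[name]
        # The man page's rule: the format string must be the LAST argument
        # (no variadic arguments after it) and must not be a static string.
        if len(args) == idx + 1 and not is_static_string(args[idx]):
            line = source.count("\n", 0, m.start()) + 1
            findings.append((line, name, args[idx]))
        pos = close + 1
    return findings


# Constructed sample input for this example (not taken from the page).
SAMPLE = """\
#include <stdio.h>
#include <syslog.h>
void log_msg(const char *msg, char *buf, size_t n) {
    printf(msg);
    printf("%s", msg);
    syslog(LOG_INFO, msg);
    syslog(LOG_INFO, "%s, %d", msg, 1);
    fprintf(stderr, msg, 1);
    sprintf(buf, "%s/.foorc", getenv("HOME"));
    snprintf(buf, n, msg);
    printf("hello, " "world\\n");
}
"""

if __name__ == "__main__":
    for line, func, fmt in scan(SAMPLE):
        print(f"sample.c:{line}: non-static format string in {func}(): {fmt}")
```

       Run against the sample, the scanner reports lines 4, 6 and 10. The
       sprintf()/getenv() call on line 9 is not reported, for the reason
       given above. Note also line 8, fprintf(stderr, msg, 1): under the rule
       as stated, a non-static format string that is followed by further
       arguments is not the last parameter and so is not reported, even
       though an attacker-controlled msg is just as dangerous there. Anyone
       relying on this rule should keep that false negative in mind.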

EXIT STATUS
       If any errors are found, pscan exits with status 1.

GNU                                                                   pscan(1)