PSCAN(1)                    General Commands Manual                   PSCAN(1)

NAME
       pscan - Format string security checker for C source code

SYNOPSIS
       pscan [options]

DESCRIPTION
       pscan is a source code analysis tool designed to highlight potentially
       dangerous uses of variadic functions such as "printf", "syslog", etc.
       The scan works by looking for one of a list of problem functions and
       applying the following rule:

       IF the last parameter of the function is the format string, AND the
       format string is NOT a static string, THEN complain.

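       The rule above, reimplemented as an added Python example (this is not
       pscan's own code; the watched-function table and the format-argument
       positions in it are assumptions for illustration):

```python
import re
# Position of the format argument for each watched function (constructed
# subset for this example; the real pscan ships its own list).
FMT_INDEX = {"printf": 0, "fprintf": 1, "sprintf": 1, "snprintf": 2, "syslog": 1}
CALL_RE = re.compile(r"\b(" + "|".join(FMT_INDEX) + r")\s*\(")
LITERAL_RE = re.compile(r'(\s*"(?:[^"\\]|\\.)*"\s*)+')  # "a" "b" is still static

def split_args(text, lparen):
    """Split the call's argument list starting at text[lparen] == '(',
    honouring nested parentheses and string literals."""
    args, cur, depth, in_str, i = [], "", 0, False, lparen + 1
    while i < len(text):
        c = text[i]
        if in_str:
            cur += c
            if c == "\\":              # copy the escaped character verbatim
                cur, i = cur + text[i + 1], i + 1
            in_str = c != '"'
        elif c == "(" or (c == ")" and depth > 0):
            depth, cur = depth + (1 if c == "(" else -1), cur + c
        elif c == ")":                 # closing paren of the call itself
            if cur.strip() or args:
                args.append(cur.strip())
            return args
        elif c == "," and depth == 0:
            args, cur = args + [cur.strip()], ""
        else:                          # plain character, or opening quote
            in_str, cur = c == '"', cur + c
        i += 1
    return args                        # unterminated call: best effort

def scan(source):
    """pscan's rule: complain when the format string is the call's last
    argument and is not a string literal.  Returns (line, func, arg) tuples."""
    findings = []
    for m in CALL_RE.finditer(source):
        args, idx = split_args(source, m.end() - 1), FMT_INDEX[m.group(1)]
        if len(args) == idx + 1 and not LITERAL_RE.fullmatch(args[idx]):
            findings.append((source.count("\n", 0, m.start()) + 1, m.group(1), args[idx]))
    return findings

# Constructed C snippet; the comments say what the rule decides for each call.
SAMPLE = '''\
printf(buf);                               /* flagged: format is last and not static */
printf("%s", buf);                         /* fine: static format */
sprintf(buf, "%s/.foorc", getenv("HOME")); /* fine for pscan, though unbounded */
syslog(LOG_INFO, user);                    /* flagged */
fprintf(stderr, "done" "\\n");             /* fine: concatenated literal is static */
'''
```

       A real scanner also has to cope with macros, multi-line calls and
       wrappers such as gettext(), which this sketch leaves out.
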
BUGS
       The code will not report some potential buffer overflows, because that
       is not its goal.  For example, the following code is potentially
       dangerous:

              sprintf(static_buffer, "%s/.foorc", getenv("HOME"));

       This code could cause an issue as there is no immediately obvious
       bounds checking.  However, it is a safe usage with regards to format
       strings.

EXIT STATUS
       If any errors are found, pscan exits with status 1.

AUTHOR
       Alan DeKok <aland@ox.org>

                                                                      PSCAN(1)