[Dailydave] Source Code Analysis
Matt
matt at use.net
Thu Sep 7 15:25:24 EST 2006
On Thu, 7 Sep 2006, Alexander Sotirov wrote:
> Here's some work I did on static analysis last year (as a gcc patch):
> http://gcc.vulncheck.org/
>
> I used taint propagation and value range propagation to detect things like:
>
> n = read_int_from_network();
> memcpy(src, dst, n);
>
> which is exactly the same C pattern that caused the OpenSSL remote vulnerability a
> few years ago, and surely many others. The value range propagation allows us to
> correctly flag this as safe:
>
> n = read_int_from_network();
> if (n < 255)
>     memcpy(src, dst, n);
How do you track this inter-function and inter-module? Are you using newer
interfaces exposed by GCC 4.x's GIMPLE stuff or..?
--
tangled strands of DNA explain the way that I behave.
http://www.clock.org/~matt
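The taint plus value-range check Sotirov describes, as an added toy illustration (not code from his gcc patch and not from the thread): statements are a tiny hand-written IR, the length variable is assumed to be a 32-bit unsigned int, and destination buffer sizes are assumed to be known from declarations.

```python
from dataclasses import dataclass, replace

UINT_MAX = 2**32 - 1  # assumption: the length variable is a 32-bit unsigned int

@dataclass(frozen=True)
class Val:
    tainted: bool  # does the value derive from network input?
    lo: int        # smallest value it can hold on this path
    hi: int        # largest value it can hold on this path

UNKNOWN_TAINTED = Val(True, 0, UINT_MAX)

def analyze(program, buffers, env=None, findings=None):
    """Walk a toy IR and report memcpy calls whose length is tainted and may
    exceed the destination buffer.  Statements:
      ('taint', v)              v = read_int_from_network()
      ('const', v, c)           v = c
      ('if_lt', v, c, body)     if (v < c) { body }   (range narrowed inside body)
      ('memcpy', dst, src, n)   memcpy(dst, src, n)
    `buffers` maps buffer names to their declared sizes (assumed known)."""
    env = dict(env or {})
    findings = [] if findings is None else findings
    for stmt in program:
        op = stmt[0]
        if op == "taint":
            env[stmt[1]] = UNKNOWN_TAINTED
        elif op == "const":
            env[stmt[1]] = Val(False, stmt[2], stmt[2])
        elif op == "if_lt":
            v, c, body = stmt[1], stmt[2], stmt[3]
            cur = env.get(v, UNKNOWN_TAINTED)
            # Inside the guarded block v is at most c - 1; taint is unchanged.
            analyze(body, buffers, {**env, v: replace(cur, hi=min(cur.hi, c - 1))}, findings)
        elif op == "memcpy":
            dst, n = stmt[1], stmt[3]
            length = env.get(n, UNKNOWN_TAINTED)
            if length.tainted and length.hi > buffers[dst]:
                findings.append(f"memcpy into {dst}[{buffers[dst]}] with tainted length "
                                f"{n} in [{length.lo}, {length.hi}]")
    return findings

# Constructed sample programs mirroring the two C fragments quoted in the post,
# plus a guard that is too loose for the (assumed) 256-byte destination.
BUFFERS = {"dst": 256}
UNCHECKED = [("taint", "n"), ("memcpy", "dst", "src", "n")]
GUARDED = [("taint", "n"), ("if_lt", "n", 255, [("memcpy", "dst", "src", "n")])]
LOOSE_GUARD = [("taint", "n"), ("if_lt", "n", 4096, [("memcpy", "dst", "src", "n")])]

if __name__ == "__main__":
    for name, prog in [("unchecked", UNCHECKED), ("guarded", GUARDED), ("loose", LOOSE_GUARD)]:
        print(name, analyze(prog, BUFFERS) or "ok")
```

A real implementation would also have to carry the lower bound for signed lengths and merge ranges at joins; this toy only narrows the upper bound inside the guarded branch.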