[Bug analyzer/106007] RFE: analyzer should complain about exec/system of tainted args
dmalcolm at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Thu Jul 28 16:36:05 GMT 2022
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106007
--- Comment #2 from David Malcolm <dmalcolm at gcc dot gnu.org> ---
Currently the taint analysis only has handling for numeric arguments being
bounds-checked.
How can string arguments transition to a "sanitized" state? Or are string
arguments always tainted once they've acquired taint?
More information about the Gcc-bugs
mailing list