[Bug analyzer/106006] New: RFE: analyzer should treat data from a socket as "tainted"
dmalcolm at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Thu Jun 16 17:14:38 GMT 2022
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106006
Bug ID: 106006
Summary: RFE: analyzer should treat data from a socket as "tainted"
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---
These functions should taint the buffers they write to:
ssize_t recv(int sockfd, void *buf, size_t len, int flags);
ssize_t recvfrom(int sockfd, void *buf, size_t len, int flags,
                 struct sockaddr *src_addr, socklen_t *addrlen);
ssize_t recvmsg(int sockfd, struct msghdr *msg, int flags);
Perhaps we could add/reuse an attribute for this, or hardcode the knowledge in
the analyzer.
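
The following is an added example, not part of the bug report or of GCC: it shows why a buffer filled by recv() is attacker-controlled, with an unchecked use of a received index beside the validated form. The wire format (struct msg), SLOTS, the function names and the socketpair harness are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define SLOTS 8
struct msg { uint8_t slot; uint8_t value; };   /* hypothetical wire format */
static uint8_t table[SLOTS];

/* Unchecked: m.slot was written by recv() and is used as an index as-is. */
int store_unchecked(int fd)
{
    struct msg m;
    if (recv(fd, &m, sizeof m, MSG_WAITALL) != (ssize_t)sizeof m)
        return -1;
    table[m.slot] = m.value;        /* out of bounds when slot >= SLOTS */
    return 0;
}

/* Checked: the received index is validated before it reaches table[]. */
int store_checked(int fd)
{
    struct msg m;
    if (recv(fd, &m, sizeof m, MSG_WAITALL) != (ssize_t)sizeof m)
        return -1;                  /* short read or error */
    if (m.slot >= SLOTS)
        return -2;                  /* reject out-of-range index */
    table[m.slot] = m.value;
    return 0;
}

/* Constructed harness: deliver one message over a local socketpair. */
int feed(int (*handler)(int), uint8_t slot, uint8_t value)
{
    int sv[2];
    struct msg m = { slot, value };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -3;
    int rc = -3;
    if (send(sv[0], &m, sizeof m, 0) == (ssize_t)sizeof m)
        rc = handler(sv[1]);
    close(sv[0]);
    close(sv[1]);
    return rc;
}

int main(void)
{
    return feed(store_checked, 200, 1) == -2 ? 0 : 1;
}
```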