[splint-discuss] formatconst example?
Elise Berger
eberger at cygnacom.com
Thu Sep 11 11:30:11 EDT 2003
I am trying to understand what exactly the formatconst flag does. The splint manual has the following text:

A simpler way to detect format vulnerabilities is to warn for any format string that is unknown at compile time. Splint provides this checking, issuing a warning if the +formatconst flag is set and finds any unknown format strings at compile time. This can produce spurious messages, however, because there might be unknown format strings that are not vulnerable to hostile input.

What is meant by "a format string unknown at compile time"? Does this refer to a format specifier? Can anyone provide an example?

Any information on the above would be much appreciated.
Thanks.
Elise T. Berger
Senior Security Engineer
CygnaCom Solutions, Inc.
an Entrust company
Phone: 703-270-3511 Fax: 703-848-0960
http://www.cygnacom.com
eberger at cygnacom.com
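An added example, not from the post or from the Splint project, of the two cases the quoted manual text contrasts: a format argument that is a string literal (known at compile time) and one held in a variable whose contents are only known at run time, which is the kind of call the +formatconst check is meant to flag. The function names and the sample message are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Format string NOT known at compile time: the format argument is a
 * variable, so a static checker cannot see which conversions it holds.
 * Whatever the message contains is interpreted by snprintf as format
 * directives; with +formatconst, splint warns about calls like this. */
int render_with_variable_format(char *out, size_t cap, const char *msg)
{
    return snprintf(out, cap, msg);          /* msg acts as the format */
}

/* Format string known at compile time: a string literal. The message is
 * plain data passed through "%s", so nothing inside it is interpreted. */
int render_with_constant_format(char *out, size_t cap, const char *msg)
{
    return snprintf(out, cap, "%s", msg);
}

/* Returns 1 when the message survives rendering unchanged, 0 otherwise. */
int message_preserved(int (*render)(char *, size_t, const char *),
                      const char *msg)
{
    char buf[128];
    render(buf, sizeof buf, msg);
    return strcmp(buf, msg) == 0;
}

int main(void)
{
    /* Constructed sample message that happens to contain a '%' sequence,
     * as data from a log line or a user might. "%%" is a valid directive
     * that needs no argument, so the demonstration stays well-defined. */
    const char *msg = "progress: 100%% done";
    char buf[128];

    render_with_variable_format(buf, sizeof buf, msg);
    printf("variable format : \"%s\"\n", buf);   /* "%%" collapsed to "%" */

    render_with_constant_format(buf, sizeof buf, msg);
    printf("constant format : \"%s\"\n", buf);   /* message unchanged */
    return 0;
}
```

Running splint with +formatconst on this file reports the snprintf call whose format is the msg variable, while the literal-format call is silent.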