like the following code, it is obvious fmt string vulnerability:
void log(char* str) {
printf(str);
}
if can detect with self-defined config, how can I detect this vulnerability with CppCheck?
Asked
Active
Viewed 105 times
0
Debosmit Ray
- 5,228
- 2
- 27
- 43
Kevin Cheng
- 11
- 1
-
anyone can help me, thank u. – Kevin Cheng Mar 12 '16 at 05:46
-
PVS-Studio can do this: http://www.viva64.com/en/d/0235/ – Mar 12 '16 at 08:39
-
GCC and Clang will also report this using `-Wformat-security` - `format string is not a string literal (potentially insecure) [-Wformat-security]` – Firewave Dec 17 '20 at 18:08