Std C Lib Functions that do not .....
From: hack () LINUX SILKROAD COM (Tim Bass)
Date: Wed, 19 Feb 1997 21:52:18 -0500
Maybe someone has already done this....

I'm thinking about writing perl scripts that check both
C source and disassembled code for potential situations where
buffer overflows in the stack are possible.

Has anyone compiled a list by OS & Architecture of Standard
C Library calls, for example _strcpy, that do not check
the sizes of the arrays and are potentially offensive
if the C programmer misses it?

I believe tools like this would be helpful to both code developers
and system administrators. Knowledge of any prior work, lists
of lib calls, or existing tools appreciated.

PS: To be honest, I've always avoided the program lint and just
go straight to gcc (cc) and gdb. Did/does lint do this?
mailto:bass () silkroad com voice (703) 222-4243
http://www.silkroad.com/ fax (703) 222-7320
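
An added example, not part of the original post: a minimal sketch of the kind of source check the message describes, written in Python rather than perl. The function list, the names `scan` and `SAMPLE`, and the sample C text are assumptions made for illustration; the post itself names only `_strcpy`.

```python
import re

# Assumed list, not from the post (which names only strcpy): libc calls
# that write into a buffer without being told its size.
UNBOUNDED = {"strcpy", "strcat", "sprintf", "vsprintf", "gets"}
SCANF_FAMILY = {"scanf", "fscanf", "sscanf"}
# Comments, strings and char literals in one alternation, so a quote inside
# a comment or a "/*" inside a string is not misread.
_SKIP = re.compile(
    r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.S)
_CALL = re.compile(r'\b([A-Za-z_]\w*)\s*\(')
_STRING = re.compile(r'"((?:\\.|[^"\\\n])*)"')
# %s or %[ with no field width: matches %s and %ls, not %31s or %*s.
_BARE_S = re.compile(r'%[hlL]*(?:s|\[)')

def scan(src):
    """Return (line, name, reason) per risky call; lexical only, so prototypes match too."""
    # Blank out comments and literals, keeping offsets and newlines intact.
    masked = _SKIP.sub(lambda m: re.sub(r'[^\n]', ' ', m.group(0)), src)
    findings = []
    for m in _CALL.finditer(masked):
        name = m.group(1).lstrip('_')          # treat _strcpy like strcpy
        line = masked.count('\n', 0, m.start()) + 1
        if name in UNBOUNDED:
            findings.append((line, name, "destination size is never checked"))
        elif name in SCANF_FAMILY:
            end = masked.find(';', m.end())    # end of the statement
            args = src[m.end():end if end != -1 else len(src)]
            fmt = ''.join(_STRING.findall(args)).replace('%%', '')
            if _BARE_S.search(fmt):
                findings.append((line, name, "%s or %[ without a field width"))
    return findings

# Constructed sample input, not code from any real project.
SAMPLE = r'''
/* strcpy(a, b) in a comment is not a call */
void f(const char *in) {
    char buf[32], name[32]; int n;
    puts("gets(buf) inside a string literal");
    strcpy(buf, in);
    strncpy(name, in, sizeof name - 1);
    scanf("%31s", name);
    scanf("%d %s", &n, name);
    sprintf(buf, "%s", in); // gets(buf) in a comment
}
'''

if __name__ == "__main__":
    for line, name, reason in scan(SAMPLE):
        print(f"line {line}: {name}(): {reason}")
```

A lexical pass like this only locates call sites for review; it cannot tell whether the destination is in fact large enough, so each hit still needs a human or a data-flow tool to judge it.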