Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   22533 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

pscan(1)							      pscan(1)

NAME
       pscan - Format string security checker for C source code

SYNOPSIS
       pscan  [options] pscan is a source code analysis tool which is designed
       to highlight potentially dangerous uses of variadic functions  such  as
       "printf", "syslog", etc.

DETAILS
	 The  scan  works by looking for a one of a list of problem functions,
       and applying the following rule:
	 IF the last parameter of the function is the format string,
	 AND the format string is NOT a static string,
	 THEN complain.

LIMITATIONS
	 The code will not report on some potention buffer overflows,  because
       that is not its goal.  For example the following code is potential dan‐
       gerous:
	 sprintf( static_buffer, "%s/.foorc", getenv("HOME") );
	 This code could cause an issue as there  is  no  immediately  obvious
       bounds  checking.  However this is a safe usages with regards to format
       strings.

RETURN VALUES
	 If there are any errors found, pscan exits with status 1.

AUTHOR Alan DeKok <;aland@ox.org>
GNU								      pscan(1)

Vote for polarhome