david-a-wheeler / flawfinder

a static analysis tool for finding vulnerabilities in C/C++ source code
GNU General Public License v2.0

`c_printf` possible false positive for format macro constant #50

Open cordis-dev opened 3 years ago

cordis-dev commented 3 years ago

Given this source file:

#include <stdio.h>
#include <inttypes.h>

int main(char *arg)
{
    sscanf(arg, PRIu32);
    return 0;
}

Flawfinder 2.0.17 outputs:

FINAL RESULTS:

test.c:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.

Note: no issue is generated if line 4 is changed to e.g. sscanf(arg, "I32u");
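The heuristic at work here is whether the format argument is a string literal the tool can inspect for an unbounded %s. As an added illustration (not flawfinder's own code), the Python below extends that idea to accept the <inttypes.h> PRI*/SCN* macro names as compile-time constant formats, so that `sscanf(arg, PRIu32)` and `sscanf(arg, "I32u")` classify the same way; it also goes beyond the report by handling adjacent literals such as `"%" SCNu32`, `%%`, assignment suppression and field widths. The macro expansion is an assumption: it is approximated by the conversion letter in the macro's name, which is all the %s check needs.

```python
import re

# <inttypes.h> format macros (PRI* for printf, SCN* for scanf) expand to string
# literals such as "u" or "lld" that are glued to a "%" in the source.
FORMAT_MACRO_RE = re.compile(
    r"^(PRI|SCN)([diouxX])(8|16|32|64|MAX|PTR|(?:LEAST|FAST)(?:8|16|32|64))$")
STRING_LITERAL_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')
IDENTIFIER_RE = re.compile(r"[A-Za-z_]\w*")
# scanf conversions that store into a caller buffer: %s and %[...]. A "*"
# suppresses the store and a field width bounds it; "%%" is a literal percent.
SCANF_CONVERSION_RE = re.compile(r"%%|%(\*?)(\d*)(?:hh|ll|[hlLqjzt])?([s\[])")


def resolve_constant_format(arg):
    """Return the format string if `arg` (source text of the format argument) is
    a compile-time constant built from adjacent string literals and PRI/SCN
    macros; return None for a variable, a call or an unknown macro.
    Assumption: a PRI/SCN macro is approximated by the conversion letter in its
    name (PRIu32 -> "u"); real expansions only prepend a length modifier."""
    pos, parts = 0, []
    while pos < len(arg):
        if arg[pos].isspace():
            pos += 1
            continue
        lit = STRING_LITERAL_RE.match(arg, pos)
        if lit:
            parts.append(lit.group(1))
            pos = lit.end()
            continue
        ident = IDENTIFIER_RE.match(arg, pos)
        macro = FORMAT_MACRO_RE.match(ident.group(0)) if ident else None
        if not macro:
            return None
        parts.append(macro.group(2))
        pos = ident.end()
    return "".join(parts)


def unbounded_scanf_conversions(fmt):
    """List the %s / %[ conversions that store without a field width."""
    return [m.group(0) for m in SCANF_CONVERSION_RE.finditer(fmt)
            if m.group(3) and not m.group(1) and not m.group(2)]


def classify_scanf_format(arg):
    """'non-constant', 'unbounded' (width-less %s or %[ in a constant) or 'ok'."""
    fmt = resolve_constant_format(arg)
    if fmt is None:
        return "non-constant"
    return "unbounded" if unbounded_scanf_conversions(fmt) else "ok"
```

With this classification, a non-constant format is the only case that still warrants the "if the scanf format is influenceable by an attacker" warning; a resolved constant either has an unbounded conversion or it does not.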

david-a-wheeler commented 3 years ago

Makes sense. Care to create a merge request/pull request?