`printf` is not considered a taint sink

trailofbits / polytracker

An LLVM-based instrumentation tool for universal taint tracking, dataflow analysis, and tracing.

Apache License 2.0

516 stars 47 forks source link

`printf` is not considered a taint sink #6525

Open hbrodin opened 1 year ago

hbrodin commented 1 year ago

printf writes to stdout are not captured as taint sinks when running PolyTracker with POLYTRACKER_STDOUT_SINK=1. It would be convenient to be able to capture:

printf("Tainted value: %x", tainted_value);

as a taint sink write.