trailofbits / polytracker

An LLVM-based instrumentation tool for universal taint tracking, dataflow analysis, and tracing.
Apache License 2.0

Select-instructions are missing instrumentation to track control flow #6541

Open hbrodin opened 1 year ago

hbrodin commented 1 year ago

There is no explicit handling of the select IR instruction. That is needed to capture that a tainted condition affects control flow. Taint will likely be propagated through the select by regular DFSAN instrumentation.
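
The gap described in this issue, as a toy C model added here for illustration (not code from the issue or from PolyTracker): the same comparison on a tainted byte is lowered once as a branch and once as a `select`, and only the instruction kinds with a hook produce a control-flow event. All names (`tval`, `on_condition`, `op_br`, `op_select`, `run`) are hypothetical, and the label rule for `select` is an assumption based on the issue's wording.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model, constructed for illustration: value + taint label (0 = clean). */
typedef struct { int v; uint32_t label; } tval;

enum { HOOK_BR = 1, HOOK_SELECT = 2 };   /* instruction kinds with a hook */
static unsigned hooks, cf_events;

/* Hypothetical hook: count conditions that are tainted when evaluated. */
static void on_condition(tval c) { if (c.label) cf_events++; }

/* Models `br i1 %c` + phi: pure data flow, result keeps the chosen label. */
static tval op_br(tval c, tval a, tval b) {
    if (hooks & HOOK_BR) on_condition(c);
    return c.v ? a : b;
}

/* Models `select i1 %c, %a, %b`. Assumption from the issue text: data-flow
   taint passes through, modelled as chosen label OR condition label. */
static tval op_select(tval c, tval a, tval b) {
    if (hooks & HOOK_SELECT) on_condition(c);
    tval r = c.v ? a : b;
    r.label |= c.label;
    return r;
}

/* kind = (byte == 'A') ? 1 : 2, lowered as a branch or as a select.
   Returns the control-flow events recorded for the tainted byte. */
unsigned run(unsigned enabled, int as_select, uint32_t *result_label) {
    tval in = { 'A', 0x1 };                    /* tainted input byte */
    tval cond = { in.v == 'A', in.label };     /* icmp inherits the label */
    tval one = { 1, 0 }, two = { 2, 0 };       /* untainted constants */
    hooks = enabled;
    cf_events = 0;
    tval r = as_select ? op_select(cond, one, two) : op_br(cond, one, two);
    *result_label = r.label;
    return cf_events;
}

int main(void) {
    uint32_t l;
    unsigned e = run(HOOK_BR, 0, &l);
    printf("br,     br hook:    events=%u label=%u\n", e, (unsigned)l);
    e = run(HOOK_BR, 1, &l);
    printf("select, br hook:    events=%u label=%u\n", e, (unsigned)l);
    e = run(HOOK_BR | HOOK_SELECT, 1, &l);
    printf("select, both hooks: events=%u label=%u\n", e, (unsigned)l);
    return 0;
}
```

In the middle case the result still carries the input's label, yet no control-flow event is recorded, which is the blind spot an analysis relying on the control-flow log would inherit.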