search for: ds_string

...k that it would be useful if you used the output of your static analyzer to provide a list of the places where C-style string manipulation is being done, so that these places can be migrated to using modern, safe LLVM interfaces for these operations. [1] http://llvm.org/docs/ProgrammersManual.html#ds_string --Sean Silva On Tue, Sep 18, 2012 at 8:00 PM, Martinez, Javier E <javier.e.martinez at intel.com> wrote: > Hello, > > > > We have identified functions in LLVM sources using a static code analyzer > which are marked as a “security vulnerability”[1][2]. There has been work &...

...k that it would be useful if you used the output of your static analyzer to provide a list of the places where C-style string manipulation is being done, so that these places can be migrated to using modern, safe LLVM interfaces for these operations. [1] http://llvm.org/docs/ProgrammersManual.html#ds_string --Sean Silva On Tue, Sep 18, 2012 at 8:00 PM, Martinez, Javier E <javier.e.martinez at intel.com> wrote: > Hello, > > > > We have identified functions in LLVM sources using a static code > analyzer which are marked as a "security vulnerability"[1][2]. There &gt...

Hello, We have identified functions in LLVM sources using a static code analyzer which are marked as a "security vulnerability"[1][2]. There has been work already done to address some of them for Linux (e.g. snprintf). We are attempting to solve this issue in a comprehensive fashion across all platforms. Most of the functions identified are for manipulating strings. Memcpy is the most