PSCAN(1) General Commands Manual PSCAN(1)NAME
pscan - Format string security checker for C source code
SYNOPSIS
pscan [options]
DESCRIPTION
pscan is a source code analysis tool which is designed to highlight potentially dangerous uses of variadic functions such as "printf",
"syslog", etc. The scan works by looking for a one of a list of problem functions, and applying the following rule:
IF the last parameter of the function is the format string, AND the format string is NOT a static string, THEN complain.
LIMITATIONS
The code will not report on some potention buffer overflows, because that is not its goal. For example the following code is potential dan-
gerous:
sprintf(static_buffer, %s/.foorc", getenv("HOME"));"
This code could cause an issue as there is no immediately obvious bounds checking. However this is a safe usages with regards to format
strings.
RETURN VALUES
If there are any errors found, pscan exits with status 1.
AUTHOR
Alan DeKok <aland@ox.org>
PSCAN(1)
Check Out this Related Man Page
curl_printf(3) libcurl Manual curl_printf(3)NAME
curl_maprintf, curl_mfprintf, curl_mprintf, curl_msnprintf, curl_msprintf curl_mvaprintf, curl_mvfprintf, curl_mvprintf, curl_mvsnprintf,
curl_mvsprintf - formatted output conversion
SYNOPSIS
#include <curl/mprintf.h>
int curl_mprintf(const char *format, ...);
int curl_mfprintf(FILE *fd, const char *format, ...);
int curl_msprintf(char *buffer, const char *format, ...);
int curl_msnprintf(char *buffer, size_t maxlength, const char *format, ...);
int curl_mvprintf(const char *format, va_list args);
int curl_mvfprintf(FILE *fd, const char *format, va_list args);
int curl_mvsprintf(char *buffer, const char *format, va_list args);
int curl_mvsnprintf(char *buffer, size_t maxlength, const char *format, va_list args);
char *curl_maprintf(const char *format, ...);
char *curl_mvaprintf(const char *format, va_list args);
DESCRIPTION
These are all functions that produce output according to a format string and given arguments. These are mostly clones of the well-known C-
style functions and there will be no detailed explanation of all available formatting rules and usage here.
See this table for notable exceptions.
curl_mprintf()
Normal printf() clone.
curl_mfprintf()
Normal fprintf() clone.
curl_msprintf()
Normal sprintf() clone.
curl_msnprintf()
snprintf() clone. Many systems don't have this. It is just like sprintf but with an extra argument after the buffer that
specifies the length of the target buffer.
curl_mvprintf()
Normal vprintf() clone.
curl_mvfprintf()
Normal vfprintf() clone.
curl_mvsprintf()
Normal vsprintf() clone.
curl_mvsnprintf()
vsnprintf() clone. Many systems don't have this. It is just like vsprintf but with an extra argument after the buffer that
specifies the length of the target buffer.
curl_maprintf()
Like printf() but returns the output string as a malloc()ed string. The returned string must be free()ed by the receiver.
curl_mvaprintf()
Like curl_maprintf() but takes a va_list pointer argument instead of a variable amount of arguments.
To easily use all these cloned functions instead of the normal ones, #define _MPRINTF_REPLACE before you include the <curl/mprintf.h> file.
Then all the normal names like printf, fprintf, sprintf etc will use the curl-functions instead.
AVAILABILITY
These function will be removed from the public libcurl API in a near future. They will instead be made "available" by source code access
only, and then as curlx_-prefixed functions. See lib/README.curlx for further details.
RETURN VALUE
The curl_maprintf and curl_mvaprintf functions return a pointer to a newly allocated string, or NULL if it failed.
All other functions return the number of characters they actually outputted.
SEE ALSO printf(3), sprintf(3), fprintf(3), vprintf(3)libcurl 7.12 30 April 2004 curl_printf(3)