pscan(1) [debian man page]

PSCAN(1)						      General Commands Manual							  PSCAN(1)

NAME
       pscan - Format string security checker for C source code

SYNOPSIS
       pscan [options]

DESCRIPTION
       pscan is a source code analysis tool designed to highlight potentially dangerous uses of variadic functions such as "printf", "syslog", etc.

       The scan works by looking for one of a list of problem functions, and applying the following rule:

              IF the last parameter of the function is the format string,
              AND the format string is NOT a static string,
              THEN complain.

LIMITATIONS
       The code will not report on some potential buffer overflows, because that is not its goal. For example, the following code is potentially dangerous:

              sprintf(static_buffer, "%s/.foorc", getenv("HOME"));

       This code could cause an issue as there is no immediately obvious bounds checking. However, this is a safe usage with regard to format strings.

RETURN VALUES
       If there are any errors found, pscan exits with status 1.

AUTHOR
       Alan DeKok <aland@ox.org>

                                                                    PSCAN(1)
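
The rule from DESCRIPTION and the case from LIMITATIONS, side by side, as an added example that is not part of the original man page or of pscan itself. The function names are hypothetical, the input string is constructed, and whether pscan's list of problem functions includes snprintf is an assumption (the page names only printf and syslog).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Compilers have a similar check; silence it so the flagged call still
 * builds when warnings are treated as errors. */
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"

/* Flagged by the rule: the last argument is the format string and it is
 * a variable, so any '%' directives inside msg get interpreted. */
int format_flagged(char *out, size_t n, const char *msg)
{
    return snprintf(out, n, msg);
}

/* Not flagged: the format is a static string and msg is only data. */
int format_static(char *out, size_t n, const char *msg)
{
    return snprintf(out, n, "%s", msg);
}

/* The LIMITATIONS case with an explicit bound. The static format string
 * means the rule stays silent either way; the length check is what stops
 * the overflow. Returns 0 on success, -1 if the path would not fit. */
int rc_path(char *out, size_t n, const char *home)
{
    int len = snprintf(out, n, "%s/.foorc", home ? home : "");
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

int main(void)
{
    char buf[32];
    const char *msg = "100%% done";   /* constructed, harmless input */

    format_flagged(buf, sizeof buf, msg);
    printf("flagged: %s\n", buf);     /* "%%" was consumed as a directive */
    format_static(buf, sizeof buf, msg);
    printf("static:  %s\n", buf);     /* copied byte for byte */
    printf("rc_path: %d\n", rc_path(buf, sizeof buf, getenv("HOME")));
    return 0;
}
```

The two format functions receive the same bytes and produce different output, which is the behaviour the rule exists to catch.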

SCAN-BUILD(1)															     SCAN-BUILD(1)

NAME
       scan-build -- A utility for running the clang(1) analyzer from the command line

SYNOPSIS
       scan-build options build command [build options]

DESCRIPTION
       scan-build is a command line utility that enables a user to run the clang static analyzer over their codebase as part of performing a regular build (from the command line).

OPTIONS
       -analyze-headers
              Also analyze functions in #included files.

       -o     Target directory for HTML report files. Subdirectories will be created as needed to represent separate "runs" of the analyzer. If this option is not specified, a directory is created in /tmp (TMPDIR on Mac OS X) to store the reports.

       -h, --help
              Display the help message.

       -k, --keep-going
              Add a "keep on going" option to the specified build command. This option currently supports make and xcodebuild. This is a convenience option; one can specify this behavior directly using build options.

       --html-title [title], --html-title=[title]
              Specify the title used on generated HTML pages. If not specified, a default title will be used.

       -plist
              By default the output of scan-build is a set of HTML files. This option outputs the results as a set of .plist files.

       --status-bugs
              By default, the exit status of scan-build is the same as the executed build command. Specifying this option causes the exit status of scan-build to be 1 if it found potential bugs and 0 otherwise.

       --use-cc [compiler path], --use-cc=[compiler path]
              By default, scan-build uses 'gcc' to compile and link your C and Objective-C code. Use this option to specify an alternate compiler.

       --use-c++ [compiler path], --use-c++=[compiler path]
              By default, scan-build uses 'g++' to compile and link your C++ and Objective-C++ code. Use this option to specify an alternate compiler.

       -v     Verbose output from scan-build and the analyzer. A second and third '-v' increases verbosity.

       -V, --view
              View analysis results in a web browser when the build completes.

ADVANCED OPTIONS
       -constraints [model]
              Specify the constraint engine used by the analyzer. By default the 'range' model is used. Specifying 'basic' uses a simpler, less powerful constraint model used by checker-0.160 and earlier.

       -store [model]
              Specify the store model used by the analyzer. By default, the 'region' store model is used. 'region' specifies a field sensitive store model. Users can also specify 'basic', which is far less precise but can more quickly analyze code. 'basic' was the default store model for checker-0.221 and earlier.

       -no-failure-reports
              Do not create a 'failures' subdirectory that includes analyzer crash reports and preprocessed source files.

EXAMPLES
       Basic usage of scan-build is designed to be simple: just place the word "scan-build" in front of your build command:

              $ scan-build make
              $ scan-build xcodebuild

       In the first case scan-build analyzes the code of a project built with make and in the second case scan-build analyzes a project built using xcodebuild.

       It is also possible to use scan-build to analyze specific files:

              $ scan-build gcc -c t1.c t2.c

       This example causes the files t1.c and t2.c to be analyzed.

AUTHORS
       Maintained by the Clang / LLVM Team http://clang.llvm.org. This manual page was written by Ermenegildo Fiorito fiorito.g@gmail.com for the Debian Project.

SEE ALSO
       clang(1) scan-view(1) http://clang-analyzer.llvm.org

                                December 2010                  SCAN-BUILD(1)