Hi,
I'd like to get the buffer overflow to be detected with klee. It
detects many memory problems. However, in the code below, it is impossible
for it to detect the buffer overflow created by strcpy ... With
valgrind memcheck it is detected. Is it possible to modify a source file
of klee to handle this bug? If so, which?
Thank you.
Sincerely,
Lionel Prat
---------------------------
#include <stdio.h>
#include <string.h>   /* strcpy */
#include <klee/klee.h>

/* Copies an unbounded input into an 8-byte stack buffer: the overflow
 * the question is about. */
void bof(char *bof){
    char buf[8];
    strcpy(buf, bof);
    printf("buf=%s\n", buf);
}

int main(int argc, char *argv[]){
    int x = 0;
    char buf[20];
    klee_make_symbolic(&buf, sizeof(buf), "buf");
    /* Constrain the symbolic input so that no byte is a terminator. */
    for (x = 0; x < sizeof(buf); x++)
        klee_assert(buf[x] != '\x00');
    //fgets(buf, 20, stdin);
    bof(buf);
    return 0;
}
_______________________________________________
klee-dev mailing list
[email protected]
http://keeda.Stanford.EDU/mailman/listinfo/klee-dev
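As an added example (not from the original post and not KLEE project code): when strcpy is not part of the bitcode, KLEE resolves it as an external function and runs it natively, so the out-of-bounds write happens outside its memory model; linking KLEE's libc with --libc=uclibc, or writing the copy as a plain loop as below, puts every store under KLEE's bounds checks. The names USE_KLEE, copy_interp, copy_bounded and the native stand-in for klee_make_symbolic are mine.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not from the original post. Build for KLEE with
 * -DUSE_KLEE; without it the KLEE call becomes a stand-in so the
 * file also compiles and runs natively as a quick check. */
#ifdef USE_KLEE
#include <klee/klee.h>
#else
static void klee_make_symbolic(void *p, size_t n, const char *name) {
    (void)name;
    snprintf((char *)p, n, "hello");   /* constructed stand-in input */
}
#endif

#define DST_LEN 8
/* Copy written as a plain loop: every store is an interpreted memory
 * operation, so a write past dst[DST_LEN-1] shows up as an
 * out-of-bounds pointer error in KLEE rather than running natively
 * inside libc's strcpy. Returns the number of bytes copied. */
size_t copy_interp(char *dst, const char *src) {
    size_t i = 0;
    while (src[i] != '\0') {
        dst[i] = src[i];
        i++;
    }
    dst[i] = '\0';
    return i;
}

/* Bounded form: rejects a source that does not fit (terminator
 * included) and writes nothing. Returns -1 on rejection, else the
 * copied length. No path reaches an out-of-bounds write. */
int copy_bounded(char *dst, size_t dst_len, const char *src) {
    size_t n = 0;
    while (n < dst_len && src[n] != '\0') n++;
    if (n == dst_len) return -1;
    memcpy(dst, src, n + 1);
    return (int)n;
}

int main(void) {
    char src[20], dst[DST_LEN];
    klee_make_symbolic(src, sizeof src, "src");
    src[sizeof src - 1] = '\0';   /* keep it a C string; lengths 0..19 stay reachable */
    printf("interp copied %zu\n", copy_interp(dst, src));   /* KLEE flags len >= 8 */
    printf("bounded rc=%d\n", copy_bounded(dst, sizeof dst, src));
    return 0;
}
```

Under KLEE, paths where the symbolic source is 8 bytes or longer stop in copy_interp with a memory error, while copy_bounded completes on every path.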