https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106007

            Bug ID: 106007
           Summary: RFE: analyzer should complain about exec/system of
                    tainted args
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: analyzer
          Assignee: dmalcolm at gcc dot gnu.org
          Reporter: dmalcolm at gcc dot gnu.org
  Target Milestone: ---

The analyzer should complain if tainted args are passed to any of the following
without sanitization (probably not an exhaustive list):

       int execl(const char *pathname, const char *arg, ...
                       /* (char  *) NULL */);
       int execlp(const char *file, const char *arg, ...
                       /* (char  *) NULL */);
       int execle(const char *pathname, const char *arg, ...
                       /*, (char *) NULL, char * const envp[] */);
       int execv(const char *pathname, char *const argv[]);
       int execvp(const char *file, char *const argv[]);
       int execvpe(const char *file, char *const argv[],
                       char *const envp[]);


       int execve(const char *pathname, char *const argv[],
                  char *const envp[]);

       int execveat(int dirfd, const char *pathname,
                    char *const argv[], char *const envp[],
                    int flags);

       int fexecve(int fd, char *const argv[], char *const envp[]);

       int system(const char *command);

Could have/reuse an attribute for this, or hardcode it.
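To illustrate the kind of code this request is about, here is an added example (not from the bug report or from GCC) showing an unsanitized flow into `system()` next to a sanitized flow into `execv()`. The function names, the `is_safe_name` allowlist and the `/bin/ls` path are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pattern the RFE wants diagnosed: tainted bytes reach system() unchecked,
   so the shell parses whatever the caller supplied. */
int list_unsanitized(const char *tainted)
{
    char cmd[256];
    snprintf(cmd, sizeof cmd, "ls -l %s", tainted);
    return system(cmd);
}

/* Hypothetical sanitizer: character allowlist, bounded length,
   no leading '-' (option injection) or '.' (hidden files, ".."). */
int is_safe_name(const char *s)
{
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz"
                             "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-";
    size_t n = strlen(s);
    return n > 0 && n <= 64 && s[0] != '-' && s[0] != '.' && strspn(s, ok) == n;
}

/* Sanitized form: validate, then exec a fixed path with an argv array (no shell).
   Returns -1 when the input is rejected or the child could not be run. */
int list_sanitized(const char *tainted)
{
    if (!is_safe_name(tainted))
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "ls", "-l", "--", (char *)tainted, NULL };
        execv("/bin/ls", argv);
        _exit(127); /* reached only if execv failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(int argc, char **argv)
{
    return argc == 2 && list_sanitized(argv[1]) == 0 ? 0 : 1;
}
```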
