https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106007
Bug ID: 106007
Summary: RFE: analyzer should complain about exec/system of tainted args
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Target Milestone: ---

The analyzer should complain if tainted args are passed to any of the following without sanitization (probably not an exhaustive list):

    int execl(const char *pathname, const char *arg, ... /* (char *) NULL */);
    int execlp(const char *file, const char *arg, ... /* (char *) NULL */);
    int execle(const char *pathname, const char *arg, ... /*, (char *) NULL, char * const envp[] */);
    int execv(const char *pathname, char *const argv[]);
    int execvp(const char *file, char *const argv[]);
    int execvpe(const char *file, char *const argv[], char *const envp[]);
    int execve(const char *pathname, char *const argv[], char *const envp[]);
    int execveat(int dirfd, const char *pathname, char *const argv[], char *const envp[], int flags);
    int fexecve(int fd, char *const argv[], char *const envp[]);
    int system(const char *command);

Could have/reuse an attribute for this, or hardcode it.
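The pattern this request targets, shown beside a sanitized form, as an added example that is not part of the bug report or of GCC. The function names (`ping_unsafe`, `host_is_clean`, `ping_checked`) and the `/bin/ping` path are hypothetical.

```c
/* Added example; names and the /bin/ping path are assumptions. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* What the RFE wants flagged: tainted text reaches system() unsanitized. */
int ping_unsafe(const char *host)            /* host is attacker-controlled */
{
    char cmd[256];
    snprintf(cmd, sizeof cmd, "ping -c 1 %s", host);
    return system(cmd);                      /* the shell interprets host */
}

/* Sanitizer: hostname characters only, and no leading '-' (option injection). */
int host_is_clean(const char *host)
{
    size_t n = strlen(host);
    if (n == 0 || n > 253 || host[0] == '-')
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)host[i]) && host[i] != '.' && host[i] != '-')
            return 0;
    return 1;
}

/* Sanitized form: validate first, then exec a fixed path with argv, no shell. */
int ping_checked(const char *host)
{
    if (!host_is_clean(host))
        return -1;                           /* rejected before fork/exec */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "ping", "-c", "1", (char *)host, NULL };
        execv("/bin/ping", argv);
        _exit(127);                          /* only reached if exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

In `ping_checked` the value reaching `execv` has passed through a check on every path, which is the distinction a taint checker needs to draw between the two functions.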