1 PScan is a C source code security scanner, which looks for misuse of
2 libc functions which use varargs and printf-style formatting
3 operators. In many situations these can cause security vulnerabilities
4 in the application if it runs with privileges (setugid, or listening
5 to a network socket, etc).
7 An example of the kind of situation pscan looks for is the following:
9 variable = "%s"; /* or malicious user input */
10 sprintf(buffer, variable); /* BAD! */