PScan is software that analyzes C source files to detect errors related to printf-style functions.
It's worth noting that while PScan can't make your program completely secure, it is designed to make it safer. To understand the security implications of a call like sprintf(buffer, variable);, it's recommended that you read the highly informative "Format bugs" post to BUGTRAQ.
The security issues that PScan addresses can in some cases bypass stack-protection mechanisms such as StackGuard; I've submitted a paper to BUGTRAQ that describes the issue in greater detail.
It's critical to recognize that these security problems aren't limited to sprintf functions alone; they can occur with any printf-style function. Therefore, it's important to have a tool like PScan that can identify these issues with ease.
Despite its limitations, PScan serves its purpose well. It can't scan for traditional buffer overflows or other misuses of function parameters, but it does help you find format-string flaws in your code. Keep in mind that analyzing and correcting any problem it reports remains the programmer's job.
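As an added illustration of the kind of check described above (this is not PScan's code), the following C function flags a source line that calls a printf-family function with a format argument that is not a string literal, which is exactly the sprintf(buffer, variable) pattern. The function table and the sample lines are constructed for this example; the check is line-based and knows nothing about macros or calls split across lines.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed table for this example (not PScan's own list): printf-style
 * functions and the 0-based position of their format argument. */
static const struct { const char *name; int fmt_index; } funcs[] = {
    {"printf", 0}, {"fprintf", 1}, {"sprintf", 1}, {"snprintf", 2},
    {"syslog", 1}, {"vprintf", 0}, {"vsprintf", 1},
};

static int ident_char(char c) { return isalnum((unsigned char)c) || c == '_'; }

/* Returns 1 if the line calls a printf-family function whose format argument
 * is not a string literal (e.g. sprintf(buffer, variable)), else 0.
 * Line-based: macros and calls split across lines are not handled. */
int format_arg_is_non_literal(const char *line) {
    for (size_t i = 0; i < sizeof funcs / sizeof funcs[0]; i++) {
        size_t n = strlen(funcs[i].name);
        const char *p = line;
        while ((p = strstr(p, funcs[i].name)) != NULL) {
            const char *q = p + n;
            /* must be a whole identifier directly followed by '(' */
            int whole = (p == line || !ident_char(p[-1])) && !ident_char(*q);
            while (*q == ' ' || *q == '\t') q++;
            if (!whole || *q != '(') { p += n; continue; }
            q++;
            /* step over the arguments before the format, tracking nesting */
            int depth = 0, arg = 0;
            while (*q && arg < funcs[i].fmt_index) {
                if (*q == '(') depth++;
                else if (*q == ')') { if (depth == 0) break; depth--; }
                else if (*q == ',' && depth == 0) arg++;
                q++;
            }
            while (*q == ' ' || *q == '\t') q++;
            if (arg < funcs[i].fmt_index || *q == ')' || *q == '\0')
                { p += n; continue; }      /* too few arguments to judge */
            return *q != '"';              /* a literal format is fine */
        }
    }
    return 0;
}

int main(void) {   /* constructed sample lines, as a scanner would see them */
    const char *lines[] = { "sprintf(buffer, variable);", "sprintf(buffer, \"%s\", variable);" };
    for (int i = 0; i < 2; i++)
        printf("%s  %s\n", format_arg_is_non_literal(lines[i]) ? "WARN" : "ok  ", lines[i]);
    return 0;
}
```

A real scanner would also have to consider wrapper functions that forward a format argument, which this line-based check cannot see.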
In sum, if you're seeking a simple and useful tool that can help make your C source files more secure, PScan is worth considering.
Version 1.0: N/A