[Full-disclosure] CCA source code released
Jonathan Heusser
jonny at drugphish.ch
Mon May 2 16:17:51 BST 2005
Hello,
Some months ago I announced the C Code Analyzer, a static analysis tool for
detecting potential security problems in C source code.
I released the source code of CCA today.
Current features are:
- fully automatic user input tracer
- potential bufferoverflow detection
- memory leak detection
- multiple/dangling free detection
- array out of bound accesses
- eclipse frontend plugin
If you are interested, visit http://www.drugphish.ch/~jonny/cca.html
More information, example sessions detecting bufferoverflows in real
applications and screenshots of the plugin are available on the page.
--
ACF8 4AC4 E7E4 1C72 44C5 4E55 2CF0 79E9 84B6 4AD3
Full-Disclosure is hosted and sponsored by Secunia.