
Instrumented `gets` implementation broken?

Open hbrodin opened this issue 3 years ago • 0 comments

The wrapper for `gets` is defined here: https://github.com/trailofbits/polytracker/blob/master/polytracker/src/taint_sources/taint_sources.cpp#L315-L318

```cpp
EXT_C_FUNC char *__dfsw_gets(char *str, dfsan_label str_label,
                             dfsan_label *ret_label) {
  long offset = ftell(stdin);
  char *ret = fgets(str, sizeof str, stdin);
```

It seems to be broken as it is forwarding to `fgets` with a `sizeof str`, where `str` is `char*`, which would mean eight bytes typically.

When I tried to add a test case to verify, it fails to build:

```
error: use of undeclared identifier 'gets'
```

`gets` is removed since C11/C++14 IIUC. Suggestion: Remove the `gets` wrapper.

hbrodin, Nov 25 '22 15:11
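The size problem described in the issue, reproduced as an added example that is not part of the original issue or of PolyTracker's code. The helper names `read_like_wrapper`, `read_with_capacity` and `bytes_read`, and the sample line, are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not PolyTracker code): mirrors the pattern quoted in
   the issue, where sizeof is applied to a char* parameter, not to an array. */
static char *read_like_wrapper(char *str, FILE *in) {
  /* sizeof str == sizeof(char *): fgets stores at most sizeof(char *) - 1 bytes. */
  return fgets(str, sizeof str, in);
}

/* Hypothetical alternative: the caller passes the buffer capacity explicitly. */
static char *read_with_capacity(char *str, size_t cap, FILE *in) {
  return fgets(str, (int)cap, in);
}

/* Constructed sample input: 26 letters plus a newline (27 bytes). */
static const char SAMPLE[] = "abcdefghijklmnopqrstuvwxyz\n";

/* Writes SAMPLE to a temporary file, reads one line back through the chosen
   helper, and returns the number of bytes stored in the buffer (-1 on error). */
static long bytes_read(int use_capacity) {
  char buf[64] = {0};
  FILE *f = tmpfile();
  if (!f) return -1;
  fputs(SAMPLE, f);
  rewind(f);
  char *ret = use_capacity ? read_with_capacity(buf, sizeof buf, f)
                           : read_like_wrapper(buf, f);
  long n = ret ? (long)strlen(buf) : -1;
  fclose(f);
  return n;
}

int main(void) {
  printf("sizeof(char *)      = %zu\n", sizeof(char *));
  printf("pointer-sized read  = %ld bytes\n", bytes_read(0));
  printf("capacity-sized read = %ld bytes\n", bytes_read(1));
  return 0;
}
```

Since `gets` takes no capacity argument, a wrapper with its signature has no correct size to hand to `fgets`; the explicit-capacity helper only works because its caller knows the buffer length.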