This PoC shows that some format string bugs can be detected without
pattern matching (e.g. looking for %s or similar specifiers). We rely only on
taint analysis and check whether the first argument of va_arg-based functions
is tainted.
More here: http://shell-storm.org/files/Format-String-Detection-With-Pin.cpp
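
The check described above, modeled as a small self-contained C++ program. This is an added example, not the code of the linked Pin tool: `TaintMap`, `scenario` and the sample input are constructed for illustration, and the explicit calls stand in for the instrumentation callbacks a real tool would use.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <set>

// Hypothetical byte-granular taint map (not the linked Pin tool's code).
class TaintMap {
    std::set<std::uintptr_t> tainted_;
    static std::uintptr_t addr(const void *p) { return reinterpret_cast<std::uintptr_t>(p); }
public:
    // Source: bytes written by an input routine such as read() become tainted.
    void taintRange(const void *p, std::size_t n) {
        for (std::size_t i = 0; i < n; ++i) tainted_.insert(addr(p) + i);
    }
    // Propagation for a non-overlapping copy: dst byte i inherits src byte i's state.
    void propagate(const void *dst, const void *src, std::size_t n) {
        for (std::size_t i = 0; i < n; ++i) {
            if (tainted_.count(addr(src) + i)) tainted_.insert(addr(dst) + i);
            else tainted_.erase(addr(dst) + i);
        }
    }
    // Sink: called on entry to a printf-style function with its format pointer.
    // Flags the call if any byte of the format string is tainted; the content
    // of the string (whether it contains '%') is never inspected.
    bool formatIsTainted(const char *fmt) const {
        for (std::size_t i = 0; fmt[i] != '\0'; ++i)
            if (tainted_.count(addr(fmt) + i)) return true;
        return false;
    }
};

// Constructed scenario: "hello" stands in for bytes received from the user.
bool scenario(bool userControlsFormat) {
    TaintMap tm;
    char input[32] = "hello";
    tm.taintRange(input, std::strlen(input));
    char copy[32];
    std::memcpy(copy, input, sizeof input);
    tm.propagate(copy, input, sizeof input);
    static const char literalFmt[] = "%s\n";
    // printf(copy) versus printf("%s\n", copy)
    const char *fmt = userControlsFormat ? copy : literalFmt;
    return tm.formatIsTainted(fmt);
}

int main() {
    // Exit status 0 when the tainted format is flagged and the literal is not.
    return (scenario(true) && !scenario(false)) ? 0 : 1;
}
```

The sample input contains no `%` at all, yet the `printf(copy)` case is still flagged, which is the difference from pattern matching: the decision depends on where the format bytes came from, not on what they are.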