13
edits
Changes
no edit summary
** C++ never snprintfs using a content-tainted string.
* SpiderMonkey Exact-GC safety bugs. See the [[GC_SafetySpec]] page for the latest.
** "Not stored in the heap" pointer dataflow analysis. '''WorksImplemented in Oink''': finding pointers to stack stored on heap/global is now a feature of Oink; have not tried it yet on Mozilla.
* Dataflow enforcement of correct API usage (CQual++):
** String character set encoding mistakes.