sprintf wrapper
ercoppa opened this issue · comments
ercoppa commented
Consider the following example (inspired by a real-world program):
int main(int argc, char *argv[]) {
char c[8];
ssize_t nbytes = read(STDIN_FILENO, c, 1);
if (nbytes != 1)
return 1;
sprintf(c, "0%d", 1);
if (c[0])
fprintf(stderr, "Concrete: %s\n", c);
else
fprintf(stderr, "Symbolic: %s\n", c);
return 0;
}
c[0]
is not symbolic due to the effects of sprintf
. Writing an exhaustive wrapper for sprintf
is hard, however, we can at least clear the symbolic memory written by sprintf
to avoid (a) solving invalid queries and (b) polluting the path constraints.
One possible fix could be this one. Let me know if this ok or how to improve it.
P.s. I had to make this declaration to make the compiler happy (see the attribute), however, maybe we want to move it somewhere else.