-
Notifications
You must be signed in to change notification settings - Fork 42
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
Tainting string data type #41
Comments
Thanks for bringing up this issue. |
Here I have two modules. The first one produces a random data (ebBalance). The second module sends reading request in TLM to the first one to read ebBalance. in energyBalance module: `
} // balanceGenerator() void energyBalance::b_transport(int id, tlm::tlm_generic_payload& tlmPayload, sc_core::sc_time& delay)
} ` in second mudole: `
` |
Another issue is that when I get string data to the TNT_TAINT(&a, sizeof(a)) or to TNT_IS_TAINTED(t, &a, sizeof(a)) it raises an error. |
I think the problem is not about tainting string data type, it is about the size of tainted data which will be changed after converting to string. |
At least for me, std::to_string is implemented by _itoa.c.
In the above, value, which is tainted, is used as an index to copy the corresponding characters into buflim. The taint will not be propagated, because pointer tainting is not implemented (see Pointer tainting). So, yes. sEBalance will not be tainted after std::to_string. The only way is to taint it manually after std::to_string. |
Hi,
Is Taintgrind follows operations on std::string?
In my code, the data is tainted until it is converted to the string data type. After that, taintgrind loses the flow of the data!
The text was updated successfully, but these errors were encountered: