| C/C++软件的危险函数静态检查研究 |
| |
| 引用本文: | 姜文,刘立康.C/C++软件的危险函数静态检查研究[J].航空计算技术,2017,47(3). |
| |
| 作者姓名: | 姜文 刘立康 |
| |
| 作者单位: | 西安电子科技大学 通信工程学院,陕西 西安,710071 |
| |
| 摘 要: | C/C++软件开发过程中,源代码中若使用了危险函数,会造成内存缓冲区溢出,产生严重的安全漏洞和隐患,因此对源代码进行危险函数检查非常重要.对于大型软件模块需要将危险函数静态检查工具集成到持续集成工具上,对源代码进行危险函数检测.结合工作实践,介绍了危险函数检测工具,叙述了对源代码进行检查的流程;详细叙述了基于持续集成的危险函数检查过程;最后介绍了两个典型案例.工作实践表明,进行危险函数检查有助于及时发现和处理软件中的危险函数隐患,从而提高软件产品的质量和安全性.
|
| 关 键 词: | 缓冲区溢出 危险函数 安全函数库 软件配置管理 持续集成 |
Research on Dangerous Function Static Check in C/C++ |
| |
| JIANG Wen,LIU Li-kang.Research on Dangerous Function Static Check in C/C++[J].Aeronautical Computer Technique,2017,47(3). |
| |
| Authors: | JIANG Wen LIU Li-kang |
| |
| Abstract: | During the development of software in C/C++,if the dangerous function is used in the source code,will case buffer overflow of memory,thus it is very important to detect dangerous function for source code.For modules in large software,the static detection tool which used for dangerous function detection is integrated to the continuous integration tool,for doing dangerous function detecting.With the work practice,the dangerous function detection tool is introduced,the process of dangerous function detection to source code is described,the process of dangerous function detection based on continuous integration is detailed described;at last two typical cases are introduced.Practice shows that dangerous function detection contributes to detect and resolve the risk of dangerous function in software timely,thereby to improve the quality and safety of software product. |
| |
| Keywords: | buffer overflow dangerous function safe function library software configuration management continuous integration |
| 本文献已被 万方数据 等数据库收录! |
|
