Skip to main content

Table 2 An example of detailed taint propagation process

From: ELAID: detecting integer-Overflow-to-Buffer-Overflow vulnerabilities by light-weight and accurate static analysis

Step IR Line No. Taint propagation Applied rule
Initialization - T(taint_data)=true Initialization
The first loop 2 T(a1) = T(taint_data) Store rule
The second loop 1 T(x − > bar) = T(a1) Getelementptr rule 2
  3 T(a2) = T(x − > bar) Getelementptr rule 1
  4 T(b1) = T(a2) Load rule