Exercise: snprintf overflow

The following presentation guides you through developing a data flow query to find an example of snprintf overflow.

To view the speaker notes accompanying this presentation, click Settings > Open speaker notes.

A PDF version of these slides, including speaker notes, is also available: Exercise: snprintf overflow.

Accompanying material

To find the vulnerability described in this presentation, download the appropriate snapshot from the ryslog CVE page in the Semmle demos repository. This repository also contains example query files that can be run in QL for Eclipse. For more information about using QL for Eclipse, including how to import snapshots and run queries, see the QL for Eclipse online help.

Further information