High efficiency and flexibility are the aims of the developers of C/C++ language. But some safeties are neglected more or less. Because of the programmer's inability or carelessness, the safety of the software is extremely threatened. Type conversion and control flow safety vulnerabilities in C/C++ are studied in this paper. Feasible static detecting methods are given based on deep analysis of these safety vulnerabilities.For type conversion safety vulnerabilities, its commonness is summarized through the analysis of data type characteristic and the conversion of them. Syntax directed translation technique is used to describe the type conversion safety vulnerabilities formally. Finally, these vulnerabilities are detected with the use of foreign free software GASTA and the handle of the AST (Abstract Syntax Tree). The control flow relative safety vulnerabilities are handled similarly. |