Release of the GNU cflow 1.7 utility

After three years of development, GNU cflow 1.7 has been released. The utility builds a visual graph of function calls in C programs, which can simplify the study of application logic. The graph is constructed solely from analysis of the source code, without the need to execute the program. Both forward and reverse execution flow graphs can be generated, as well as cross-reference lists for code files.

The release is notable for adding support for the “dot” output format (“--format=dot”), which produces the result in the DOT language for subsequent visualization with the Graphviz package. Multiple starting functions can now be specified by repeating the “--main” option; a separate graph is generated for each of these functions. A new “--target=FUNCTION” option limits the resulting graph to only the branches that include the given functions (the “--target” option can be specified several times). New graph navigation commands have been added to cflow-mode: “c” goes to the calling function, “n” goes to the next function at the same nesting level, and “p” goes to the previous function at the same nesting level.

The new version also fixes two vulnerabilities that were identified back in 2019 and lead to memory corruption when cflow processes specially formatted source texts. The first vulnerability (CVE-2019-16165) is caused by a use-after-free memory access in the parser code (the reference function in parser.c). The second vulnerability (CVE-2019-16166) is a buffer overflow in the nexttoken() function. According to the developers, these problems do not pose a security threat, since their effect is limited to abnormal termination of the utility.

Source: opennet.ru
