<div dir="ltr"><span id="gmail-docs-internal-guid-e3f4d035-42c5-5603-f6c5-8b02803f1c0e"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">Hi,</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap;background-color:transparent">I’ve been working on a patch that adds a new attribute </span><span style="font-size:14.6667px;font-family:arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap">(warn_impcast_to_bool) to indicate that the return value of a function shouldn't be used as a boolean, as well as a compile warning and a StaticAnalyzer checker to warn about misusing functions with this attribute. This change is inspired by CVE-2008-5077 in OpenSSL (</span><a href="https://www.openssl.org/news/secadv/20090107.txt" style="text-decoration:none"><span style="font-size:14.6667px;font-family:arial;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">https://www.openssl.org/news/secadv/20090107.txt</span></a><span style="font-size:14.6667px;font-family:arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap">).</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:14.6667px;font-family:arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap">Anna Zaks suggested that I should also propose it on cfe-dev as well as cfe-commits. 
The patch is available at </span><a href="https://reviews.llvm.org/D24507" style="text-decoration:none"><span style="font-size:14.6667px;font-family:arial;text-decoration:underline;vertical-align:baseline;white-space:pre-wrap">https://reviews.llvm.org/D24507</span></a><span style="font-size:14.6667px;font-family:arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap">; any additional feedback welcome.</span></p><br><span style="font-size:14.6667px;font-family:arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap">Regards, Anton Urusov</span></span><br></div>
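<p>The kind of misuse the proposed attribute is meant to flag, as an added example that is not part of the original message or of the patch: a function with three return states (1 valid, 0 invalid, -1 error) tested as a boolean, beside the corrected check. The names <code>toy_verify</code>, <code>accept_buggy</code>, <code>accept_fixed</code> and the macro <code>WARN_IMPCAST_TO_BOOL</code> are hypothetical; the macro is left empty on the assumption that the compiler in use does not have the patch applied.</p>

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: with the proposed patch applied this would expand to
 * __attribute__((warn_impcast_to_bool)). It is left empty here so the
 * file builds on compilers that do not know the attribute. */
#define WARN_IMPCAST_TO_BOOL

/* Hypothetical tri-state verifier (not a real cryptographic check):
 *   1 = signature valid, 0 = signature invalid, -1 = error. */
WARN_IMPCAST_TO_BOOL
int toy_verify(const char *msg, const char *sig)
{
    if (msg == NULL || sig == NULL || strlen(sig) != 4)
        return -1;                       /* malformed input: error */
    return strcmp(sig, "good") == 0 ? 1 : 0;
}

/* Buggy caller: the int result is implicitly converted to a boolean,
 * so the error value -1 counts as "true" and falls through to accept. */
int accept_buggy(const char *msg, const char *sig)
{
    if (!toy_verify(msg, sig))
        return 0;                        /* rejects only the 0 case */
    return 1;                            /* reached for 1 and for -1 */
}

/* Corrected caller: compare against the single success value. */
int accept_fixed(const char *msg, const char *sig)
{
    return toy_verify(msg, sig) == 1;
}

int main(void)
{
    /* Constructed sample inputs: valid, invalid, malformed. */
    const char *sigs[] = { "good", "evil", "x" };
    for (size_t i = 0; i < 3; i++)
        printf("%-4s rc=%2d buggy=%d fixed=%d\n", sigs[i],
               toy_verify("m", sigs[i]),
               accept_buggy("m", sigs[i]), accept_fixed("m", sigs[i]));
    return 0;
}
```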