[LLVMdev] Handling of unsafe functions

Joerg Sonnenberger joerg at britannica.bec.de
Thu Sep 27 03:26:02 PDT 2012

On Wed, Sep 19, 2012 at 12:00:50AM +0000, Martinez, Javier E wrote:
> We have identified functions in LLVM sources using a static code
> analyzer which are marked as a "security vulnerability"[1][2].
> Recommended alternatives:
> Functions    Windows        Unix/Mac OS
> Memcpy     memcpy_s      -

Please fill bug reports for your tool. memcpy operates on explicitly
bounded objects, unlikely e.g. strcat/strcpy. Marking them as deprecated
is just as buggy. From the rest of your list, strtok has some issues,
but it is generally safe to use too. The replacements are not an
improvement at all. First time I saw the annex K (?) from C11, I was
thinking like "Who pushed this crap into the standard, Microsoft?".


More information about the llvm-dev mailing list