[LLVMdev] Handling of unsafe functions
joerg at britannica.bec.de
Thu Sep 27 03:26:02 PDT 2012
On Wed, Sep 19, 2012 at 12:00:50AM +0000, Martinez, Javier E wrote:
> We have identified functions in LLVM sources using a static code
> analyzer which are marked as a "security vulnerability".
> Recommended alternatives:
> Functions   Windows    Unix/Mac OS
> memcpy      memcpy_s   -
Please file bug reports for your tool. memcpy operates on explicitly
bounded objects, unlike e.g. strcat/strcpy. Marking them as deprecated
is just as buggy. From the rest of your list, strtok has some issues,
but it is generally safe to use too. The replacements are not an
improvement at all. First time I saw the annex K (?) from C11, I was
thinking like "Who pushed this crap into the standard, Microsoft?".
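The distinction the reply draws, as an added illustration that is not part of the thread and not LLVM code: memcpy's third argument is an explicit byte count, so the caller already holds the bound and can check it before the call, whereas strcpy/strcat read until a NUL and carry no bound at all. The helper names (bounded_copy, str_copy_bounded, str_append_bounded, copy_status) are assumptions chosen for this example, not libc, Annex K, or LLVM APIs; the sample strings are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* memcpy with the caller's bound check made explicit (hypothetical helper).
 * Copies n bytes from src into dst, whose capacity is cap bytes.
 * Returns false and copies nothing if n exceeds cap. */
bool bounded_copy(void *dst, size_t cap, const void *src, size_t n) {
    if (dst == NULL || src == NULL) return false;
    if (n > cap) return false;          /* the same check memcpy_s would perform */
    memcpy(dst, src, n);
    return true;
}

typedef enum { COPY_OK = 0, COPY_TRUNCATED = 1, COPY_ERR = -1 } copy_status;

/* The strcpy case: the length has to be measured first, because strcpy
 * itself has no bound.  Copies as much of src as fits, always
 * NUL-terminates dst, and reports whether anything was cut off. */
copy_status str_copy_bounded(char *dst, size_t cap, const char *src) {
    if (dst == NULL || src == NULL || cap == 0) return COPY_ERR;
    size_t len = strlen(src);
    if (len < cap) {
        memcpy(dst, src, len + 1);      /* fits, including the terminating NUL */
        return COPY_OK;
    }
    memcpy(dst, src, cap - 1);          /* copy what fits ... */
    dst[cap - 1] = '\0';                /* ... and terminate */
    return COPY_TRUNCATED;
}

/* The strcat case: locate the existing terminator within cap (memchr is
 * standard C, unlike strnlen) and append only what still fits. */
copy_status str_append_bounded(char *dst, size_t cap, const char *src) {
    if (dst == NULL || src == NULL || cap == 0) return COPY_ERR;
    const char *end = memchr(dst, '\0', cap);
    if (end == NULL) return COPY_ERR;   /* dst is not terminated within cap */
    size_t used = (size_t)(end - dst);
    return str_copy_bounded(dst + used, cap - used, src);
}

int main(void) {
    char buf[8];                        /* constructed sample buffer */
    copy_status s = str_copy_bounded(buf, sizeof buf, "LLVMdev thread");
    printf("%s (status %d)\n", buf, (int)s);
    s = str_append_bounded(buf, sizeof buf, "!");
    printf("%s (status %d)\n", buf, (int)s);
    return 0;
}
```

The wrappers do nothing memcpy cannot already express; they only pin down what "the caller knows the bound" means in practice: measure, compare against the destination's capacity, then copy. That is the check a bounded-copy replacement would perform internally, which is why swapping memcpy for memcpy_s changes little for a caller who already does it.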