[cfe-commits] [PATCH] review request: strcpy() security checker CWE-119
Lenny Maiorani
lenny at Colorado.EDU
Thu Mar 31 12:34:13 PDT 2011
While I am at it, poking around in the string functions, here is a
security syntax checker for strcpy() which causes the Static Analyzer to
generate a warning any time the strcpy() function is used with a note
suggesting to use a function which provides bounded buffers.
I included in the warning description the CWE number. Is this useful?
Should the warning description also contain suggestions like strncpy()
and strlcpy()? Since there are a number of options I left that
suggestion out in lieu of the CWE number.
-Lenny
-------------- next part --------------
A non-text attachment was scrubbed...
Name: security-CWE119-strlen-checker.diff
Type: text/x-patch
Size: 5279 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20110331/92db13ed/attachment.bin>
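An added illustration (not part of the attached patch): the unbounded strcpy() pattern the proposed checker would flag under CWE-119, next to a bounded replacement with strlcpy()-style semantics written out so it does not depend on the platform providing strlcpy(); NAME_LEN, the function names and the sample strings are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_LEN 8          /* constructed: small destination buffer */

char demo_buf[NAME_LEN];    /* constructed destination used by the demo */

/* What the checker warns about: strcpy() copies until the NUL, so any
 * source longer than NAME_LEN-1 bytes writes past the end of dst.
 * Shown only to illustrate the flagged call; not invoked here. */
void copy_name_unbounded(char dst[NAME_LEN], const char *src) {
    strcpy(dst, src);       /* flagged: no bound on the copy (CWE-119) */
}

/* Bounded replacement with strlcpy() semantics: copies at most
 * dst_size-1 bytes, always NUL-terminates when dst_size > 0, and returns
 * strlen(src) so the caller can detect truncation (ret >= dst_size). */
size_t copy_name_bounded(char *dst, size_t dst_size, const char *src) {
    size_t src_len = strlen(src);
    if (dst_size == 0)
        return src_len;
    size_t n = src_len < dst_size - 1 ? src_len : dst_size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return src_len;
}

/* Returns 1 if src fit in dst, 0 if the copy was truncated. */
int copy_name_checked(char *dst, size_t dst_size, const char *src) {
    return copy_name_bounded(dst, dst_size, src) < dst_size;
}

int main(void) {
    const char *ok = "alice";             /* constructed: 5 chars, fits */
    const char *too_long = "bartholomew"; /* constructed: 11 chars, would overflow */
    int fit;

    fit = copy_name_checked(demo_buf, sizeof demo_buf, ok);
    printf("%s -> fit=%d buf=\"%s\"\n", ok, fit, demo_buf);
    fit = copy_name_checked(demo_buf, sizeof demo_buf, too_long);
    printf("%s -> fit=%d buf=\"%s\"\n", too_long, fit, demo_buf);
    return 0;
}
```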