[cfe-commits] [PATCH] review request - strcmp/strcasecmp security checker
Ted Kremenek
kremenek at cs.stanford.edu
Fri Apr 8 16:41:38 PDT 2011
I'll actually backpedal a bit. I'm a little concerned about the utility of just always warning about strcmp() and strcasecmp(). While this is an opt-in check, I can see this flagging so many times that few would ever turn the check on.
On Apr 8, 2011, at 4:22 PM, Ted Kremenek wrote:
> Looks good, except the patch contains tabs. Please use spaces.
>
> On Apr 6, 2011, at 3:25 PM, Lenny Maiorani wrote:
>
>> Add security syntax checker for strcmp() and strcasecmp() which causes the Static Analyzer to generate a warning any time the strcmp() function is used with a note suggesting to use a function which provides bounded buffers such as strncmp() or strncasecmp(). CWE-119.
>>
>>
>> -Lenny
>>
>>
>> <strcmp-and-strcasecmp-security-checker.diff>