[PATCH] D19590: Check for CERT ERR34-C. Detect errors when converting a string to a number
Aaron Ballman via cfe-commits
cfe-commits at lists.llvm.org
Wed Apr 27 07:03:04 PDT 2016
aaron.ballman created this revision.
aaron.ballman added reviewers: alexfh, sbenza.
aaron.ballman added a subscriber: cfe-commits.
Some numeric conversion APIs like atoi() and scanf() do not check the validity of the value being converted, so it is impossible to tell whether range errors have occurred. There are better APIs that can be used to ensure that input is validated properly, such as strtol() and related functions. This clang-tidy check flags calls to conversion functions that have insufficient error checking and diagnoses them, suggesting a better alternative.
This check corresponds to: https://www.securecoding.cert.org/confluence/display/c/ERR34-C.+Detect+errors+when+converting+a+string+to+a+number.
http://reviews.llvm.org/D19590
Files:
clang-tidy/cert/CERTTidyModule.cpp
clang-tidy/cert/CMakeLists.txt
clang-tidy/cert/StrToNumCheck.cpp
clang-tidy/cert/StrToNumCheck.h
docs/clang-tidy/checks/cert-err34-c.rst
docs/clang-tidy/checks/list.rst
test/clang-tidy/cert-err34-c.c
test/clang-tidy/cert-err34-c.cpp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D19590.55208.patch
Type: text/x-patch
Size: 19783 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20160427/11da1e5c/attachment-0001.bin>