[PATCH] D35068: [analyzer] Detect usages of unsafe I/O functions
Gábor Horváth via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Wed Nov 15 05:39:21 PST 2017
xazax.hun added inline comments.
================
Comment at: include/clang/StaticAnalyzer/Checkers/Checkers.td:382
+ DescFile<"CheckSecuritySyntaxOnly.cpp">;
+ def DeprecatedBufferHandling : Checker<"DeprecatedBufferHandling">,
+ HelpText<"Warn on uses of deprecated buffer manipulating functions">,
----------------
koldaniel wrote:
> xazax.hun wrote:
> > I do not like the naming of these two checks, It feels like one of them warns for a subset of the other, however, it is not the case.
> > What about removing the "deprecated" part from the first check?
> Both checker warns if a buffer handling function is deprecated (DeprecatedOrUnsafeBufferHandling calls DeprecatedBufferHandling), but the DeprecatedOrUnsafeBufferHandling checker also warns if a function is not only deprecated but unsafe (i.e. writes a buffer without size restrictions) too.
I see. Maybe it would be better to make them disjoint? Also, I think it is not a good user experience to get two warnings for the same function call.
https://reviews.llvm.org/D35068
More information about the cfe-commits
mailing list