[PATCH] D35068: [analyzer] Detect usages of unsafe I/O functions

Daniel Kolozsvari via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Thu Nov 16 06:52:33 PST 2017


koldaniel added inline comments.


================
Comment at: include/clang/StaticAnalyzer/Checkers/Checkers.td:382
+    DescFile<"CheckSecuritySyntaxOnly.cpp">;
+  def DeprecatedBufferHandling : Checker<"DeprecatedBufferHandling">,
+    HelpText<"Warn on uses of deprecated buffer manipulating functions">,
----------------
xazax.hun wrote:
> koldaniel wrote:
> > xazax.hun wrote:
> > > I do not like the naming of these two checks, It feels like one of them warns for a subset of the other, however, it is not the case.
> > > What about removing the "deprecated" part from the first check? 
> > Both checker warns if a buffer handling function is deprecated (DeprecatedOrUnsafeBufferHandling calls DeprecatedBufferHandling), but the DeprecatedOrUnsafeBufferHandling checker also warns if a function is not only deprecated but unsafe (i.e. writes a buffer without size restrictions) too.
> I see. Maybe it would be better to make them disjoint? Also, I think it is not a good user experience to get two warnings for the same function call.  
Do you mean to separate them, so we would have one checker which warns for the unsafe and deprecated buffer handling functions, and one which warns for the deprecated functions which have some boundary restrictions?


https://reviews.llvm.org/D35068





More information about the cfe-commits mailing list