[PATCH] D35068: [analyzer] Detect usages of unsafe I/O functions

Daniel Kolozsvari via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Tue Apr 17 08:35:09 PDT 2018


koldaniel added a comment.

In https://reviews.llvm.org/D35068#1049530, @george.karpenkov wrote:

> @koldaniel Have you evaluated this checker? On which codebases? Were the warnings real security issues, or were they mostly spurious? The code seems fine, but I'm not sure whether it should be in `security` or in `alpha`.


I've evaluated this checker on LLVM+Clang, there were only a few (about 15) warnings, because of the C11 flag check at the beginning of the checker body. However, if this check was removed, the number of warnings would increase significantly. I wouldn't say the findings were real security issues, most of the warnings were about usages of deprecated functions, which have not been considered insecure (but which may cause problems if the code is modified in an improper way in the future).


https://reviews.llvm.org/D35068