[LLVMdev] Handling of unsafe functions
Joerg Sonnenberger
joerg at britannica.bec.de
Thu Sep 27 03:26:02 PDT 2012
On Wed, Sep 19, 2012 at 12:00:50AM +0000, Martinez, Javier E wrote:
> We have identified functions in LLVM sources using a static code
> analyzer which are marked as a "security vulnerability"[1][2].
>
> Recommended alternatives:
>
> Functions    Windows     Unix/Mac OS
>
> memcpy       memcpy_s    -
...
Please file bug reports for your tool. memcpy operates on explicitly
bounded objects, unlike e.g. strcat/strcpy. Marking them as deprecated
is just as buggy. From the rest of your list, strtok has some issues,
but it is generally safe to use too. The replacements are not an
improvement at all. The first time I saw Annex K (?) from C11, I was
thinking, "Who pushed this crap into the standard, Microsoft?"
Joerg
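The distinction Joerg draws, as an added example that is not part of the original thread and not LLVM code: memcpy takes the byte count as a parameter, so the bound check is a single comparison before the call, whereas strcpy derives its length from the NUL in the source and the caller has to measure it first; a memcpy_s-style wrapper performs the same comparison against the same caller-supplied capacity. The block also shows two well-known strtok properties (it writes into its argument and merges adjacent delimiters). The function names, the error-code convention and the 256-byte scratch buffer are assumptions made for this example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Explicitly bounded copy: the caller supplies both the destination capacity
 * and the byte count, so the check is a plain comparison before memcpy.
 * Returns 0 on success, ERANGE if n bytes do not fit, EINVAL on NULL pointers.
 * (Hypothetical helper written for this example.)
 */
int copy_bytes(void *dst, size_t dstcap, const void *src, size_t n)
{
    if (dst == NULL || src == NULL)
        return EINVAL;
    if (n > dstcap)
        return ERANGE;
    memcpy(dst, src, n);
    return 0;
}

/*
 * String copy under the same contract. strcpy has no length parameter: its
 * bound is implied by the NUL in src, so it must be measured first. Refuses,
 * instead of overflowing, when src plus its terminator does not fit.
 */
int copy_cstring(char *dst, size_t dstcap, const char *src)
{
    if (dst == NULL || src == NULL)
        return EINVAL;
    size_t need = strlen(src) + 1;          /* include the terminating NUL */
    if (need > dstcap)
        return ERANGE;
    memcpy(dst, src, need);
    return 0;
}

/*
 * Count fields with strtok. Two strtok properties to keep in mind:
 *  - it writes NUL bytes into its argument, so tokenise a private copy;
 *  - runs of delimiters are merged, so empty fields are not counted.
 * Returns the number of non-empty fields, or -1 if the line does not fit
 * in the scratch buffer (assumed size for this example).
 */
int count_fields(const char *line, const char *delims)
{
    char scratch[256];
    if (copy_cstring(scratch, sizeof scratch, line) != 0)
        return -1;
    int n = 0;
    for (char *tok = strtok(scratch, delims); tok != NULL; tok = strtok(NULL, delims))
        n++;
    return n;
}

int main(void)
{
    char buf[8];
    /* Constructed inputs for the demonstration. */
    printf("copy_bytes 4 into 8: %d\n",
           copy_bytes(buf, sizeof buf, "abcdefgh", 4));
    printf("copy_bytes 9 into 8: %d (ERANGE is %d)\n",
           copy_bytes(buf, sizeof buf, "abcdefghi", 9), ERANGE);
    printf("copy_cstring \"1234567\" into 8: %d\n",
           copy_cstring(buf, sizeof buf, "1234567"));
    printf("copy_cstring \"12345678\" into 8: %d (ERANGE is %d)\n",
           copy_cstring(buf, sizeof buf, "12345678"), ERANGE);
    const char *csv = "alpha,,beta,gamma";
    printf("fields in \"%s\": %d (empty field dropped by strtok)\n",
           csv, count_fields(csv, ","));
    return 0;
}
```

The point of the pair copy_bytes/copy_cstring is that the check in copy_bytes is exactly what a memcpy_s-style interface would do internally, using the same dstcap the caller had to get right anyway; the check in copy_cstring is the extra step that strcpy leaves out, because it has no length to compare.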