================
@@ -1785,6 +1768,13 @@ security.insecureAPI.DeprecatedOrUnsafeBufferHandling (C)
strncpy(buf, "a", 1); // warn
}
+The ``AllowWithoutC11`` option allows reporting warnings for these functions
even when not compiling with C11 standard. These functions are deprecated in
C11, but may still be problematic in earlier C standards.
+
+To enable this option, use:
+``-analyzer-config
security.insecureAPI.DeprecatedOrUnsafeBufferHandling:AllowWithoutC11=true``.
+
+By default, this option is set to *false*.
+
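Review bot: The added paragraph says these functions "may still be problematic in earlier C standards" but gives no guidance on what a user should do with a warning in pre-C11 mode, which is the case this option exists for. Add a sentence stating the expected remediation there, or say that the warnings are advisory when the C11 replacements cannot be used. Two wording points in the same paragraph: "even when not compiling with C11 standard" would be more precise as "when compiling with a standard earlier than C11", and the default would be clearer written as a literal ``false`` to match the ``AllowWithoutC11=true`` spelling shown in the command.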
----------------
steakhal wrote:
> [...] One is the potential new finding that the users will find surprising.
IMO this is an improvement. I've received thank you notes in the past.
> [...] Annex K and these _s suffix variants are under scrutiny and not widely
> implemented
Yes, this is a valid concern. Correct me if I'm wrong, but I thought that all
the rest of the functions this checker warns about fall into the same bucket, right?
If so, then the same concern applied in the past to those, so the flag still
doesn't make much sense. If no, then the flag should be named appropriately,
something resembling Annex K.
> [...] So if we want to move in this direction, I have a suggestion of making
> this checker enabled not based on the detection of the C11 standard, but
> rather the availability of the macro symbol __STDC_LIB_EXT1__, as these
> warnings are only actionable when this is the case.
I don't exactly know the contract. If I recall, to use the Annex K extensions,
you would need to define some macro and only then include the given header,
which would define another magic macro if Annex K was actually present. So it's
a two-way contract: one needs to ask for it, and the library needs to expose
it.
I'd say it's pretty likely that some other code already checks the presence of
Annex K somehow.
I'm open to this path. I think it also makes sense.
https://github.com/llvm/llvm-project/pull/168704
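The Annex K contract discussed in the reply above, as an added example that is not part of the original message or of the LLVM code base: C11 has the program define `__STDC_WANT_LIB_EXT1__` as 1 before including a standard header, and the library defines `__STDC_LIB_EXT1__` only if it implements Annex K. The names `HAVE_ANNEX_K`, `annex_k_available` and `bounded_copy` are hypothetical, chosen for this illustration.

```c
/* "Ask" half: request Annex K before the first standard header is included. */
#define __STDC_WANT_LIB_EXT1__ 1
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* "Expose" half: the library defines __STDC_LIB_EXT1__ only if it has Annex K. */
#if defined(__STDC_LIB_EXT1__)
#define HAVE_ANNEX_K 1
#else
#define HAVE_ANNEX_K 0
#endif

/* Hypothetical helper: reports which branch this build took. */
int annex_k_available(void) { return HAVE_ANNEX_K; }

/* Hypothetical helper: copy src into dst (capacity dstsz, non-overlapping).
   Returns 0 on success; on failure returns -1 and leaves dst empty. */
int bounded_copy(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || dstsz == 0)
        return -1;
#if HAVE_ANNEX_K
    /* Pre-check the length so strcpy_s never hits a runtime-constraint
       violation, whose default handler is implementation-defined. */
    size_t n = src ? strnlen_s(src, dstsz) : dstsz;
#else
    size_t n = src ? strlen(src) : dstsz;
#endif
    if (n >= dstsz) {            /* no room for the terminator: refuse */
        dst[0] = '\0';
        return -1;
    }
#if HAVE_ANNEX_K
    return strcpy_s(dst, dstsz, src) == 0 ? 0 : -1;
#else
    memcpy(dst, src, n + 1);     /* length already checked, includes NUL */
    return 0;
#endif
}

int main(void)
{
    char buf[8];
    printf("Annex K exposed by this library: %d\n", annex_k_available());
    printf("short input: %d\n", bounded_copy(buf, sizeof buf, "abc"));
    printf("long input:  %d\n", bounded_copy(buf, sizeof buf, "0123456789"));
    return 0;
}
```

On a library that does not expose Annex K the fallback branch is compiled, which is the situation in which a suggestion to switch to the `_s` variants cannot be acted on.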