On Wed, Apr 06, 2011 at 04:25:21PM -0600, Lenny Maiorani wrote:
> Add security syntax checker for strcmp() and strcasecmp() which causes
> the Static Analyzer to generate a warning any time the strcmp()
> function is used with a note suggesting to use a function which
> provides bounded buffers such as strncmp() or strncasecmp(). CWE-119.
Sorry, but this sounds completely wrong.
> +void test_strcmp() {
> + char x[4];
> + char *y;
> +
> + strcmp(x, y); //expected-warning{{Call to function 'strcmp' is insecure as
> it does not provide bounding of the memory buffer. Replace unbounded copy
> functions with analogous functions that support length arguments such as
> 'strncmp'. CWE-119.}}
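Review bot: the diagnostic text in test_strcmp() calls strcmp an "unbounded copy function", but strcmp copies nothing, it compares; reword the message to describe the actual risk (reading past a buffer that has no terminator) and note that strncmp only bounds the read when its length argument is tied to the buffer size. The test itself leaves both `x` and `y` uninitialised, so initialise them (e.g. `char x[4] = "abc"; const char *y = "abc";`) so the expected-warning exercises only the strcmp check rather than an uninitialised-memory path.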
This warning is bogus. It is using uninitialised memory. The warning
also only makes sense at all if there is a code path that doesn't ensure
0-termination. IMO this is doing the reverse of what is sane and as such
just producing noise without finding the real problems like use of
strcmp after strncpy.
Joerg
_______________________________________________
cfe-commits mailing list
[email protected]
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
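The failure mode Joerg names, strcmp() after a strncpy() that did not write a terminator, as an added C example that is not part of the patch or of this thread; `BUF`, the helper names and the sample strings are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define BUF 4  /* same size as the x[4] in the patch's test; constructed value */

/* True if buf holds a NUL within its first n bytes, i.e. strcmp on it is bounded. */
static bool is_terminated(const char *buf, size_t n) {
    return memchr(buf, '\0', n) != NULL;
}

/* The real bug class: strncpy fills all BUF bytes when strlen(src) >= BUF
 * and then writes no terminator, so a later strcmp reads past the buffer.
 * Returns whether the copy left buf terminated. */
static bool strncpy_leaves_terminated(const char *src) {
    char buf[BUF];
    strncpy(buf, src, sizeof buf);
    return is_terminated(buf, sizeof buf);
}

/* Hardened form: copy at most BUF-1 bytes and always terminate, after which
 * strcmp is safe regardless of the source length. Returns the strcmp result. */
static int safe_copy_and_compare(const char *src, const char *expected) {
    char buf[BUF];
    strncpy(buf, src, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    return strcmp(buf, expected);
}

int main(void) {
    printf("\"abc\"  terminated after strncpy: %d\n", strncpy_leaves_terminated("abc"));
    printf("\"abcd\" terminated after strncpy: %d\n", strncpy_leaves_terminated("abcd"));
    printf("safe compare of truncated \"abcdef\" with \"abc\": %d\n",
           safe_copy_and_compare("abcdef", "abc"));
    return 0;
}
```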