On 7 Apr 2011 at 0:59, Joerg Sonnenberger wrote: > On Wed, Apr 06, 2011 at 04:25:21PM -0600, Lenny Maiorani wrote: > > Add security syntax checker for strcmp() and strcasecmp() which causes > > the Static Analyzer to generate a warning any time the strcmp() > > function is used with a note suggesting to use a function which > > provides bounded buffers such as strncmp() or strncasecmp(). CWE-119. > > Sorry, but this sounds completely wrong.
i raised the issue already last week but got no response.... http://lists.cs.uiuc.edu/pipermail/cfe-commits/Week-of-Mon-20110328/040517.html _______________________________________________ cfe-commits mailing list [email protected] http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
