I'll actually backpedal a bit. I'm a little concerned about the utility of just always warning about strcmp() and strcasecmp(). While this is an opt-in check, I can see this flagging so many times that few would ever turn the check on.
On Apr 8, 2011, at 4:22 PM, Ted Kremenek wrote:

> Looks good, except the patch contains tabs. Please use spaces.
>
> On Apr 6, 2011, at 3:25 PM, Lenny Maiorani wrote:
>
>> Add security syntax checker for strcmp() and strcasecmp() which causes the
>> Static Analyzer to generate a warning any time the strcmp() function is used
>> with a note suggesting to use a function which provides bounded buffers such
>> as strncmp() or strncasecmp(). CWE-119.
>>
>> -Lenny
>>
>> <strcmp-and-strcasecmp-security-checker.diff>
>> _______________________________________________
>> cfe-commits mailing list
>> [email protected]
>> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
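
An added C example, not part of this thread or of the patch: the kind of bounded comparison the proposed warning note points toward, for a fixed-width field that is not guaranteed to be NUL-terminated. The helper `field_equals` and the sample fields are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data: fixed-width tags as found in a binary record.
 * sample_full uses all 4 bytes and has no terminating NUL, so strcmp()
 * on it would read past the end of the array. */
const char sample_full[4]  = { 'A', 'D', 'M', 'N' };
const char sample_short[4] = { 'O', 'K', '\0', '\0' };

/* Hypothetical helper: compare a field of field_size bytes, which may lack
 * a NUL terminator, with a NUL-terminated literal. Never reads more than
 * field_size bytes of the field. Returns 1 on exact match, 0 otherwise. */
int field_equals(const char *field, size_t field_size, const char *literal)
{
    size_t lit_len = strlen(literal);

    if (lit_len > field_size)
        return 0;                 /* literal cannot fit in the field */
    if (strncmp(field, literal, lit_len) != 0)
        return 0;                 /* differs within the bounded prefix */

    /* A prefix match is not equality: the field must end exactly here,
     * either because it is full or because the next byte is NUL. */
    return lit_len == field_size || field[lit_len] == '\0';
}

int main(void)
{
    printf("full  == ADMN  : %d\n",
           field_equals(sample_full, sizeof sample_full, "ADMN"));
    printf("full  == ADM   : %d\n",
           field_equals(sample_full, sizeof sample_full, "ADM"));
    printf("full  == ADMNX : %d\n",
           field_equals(sample_full, sizeof sample_full, "ADMNX"));
    printf("short == OK    : %d\n",
           field_equals(sample_short, sizeof sample_short, "OK"));
    return 0;
}
```
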
