================
@@ -1785,6 +1768,13 @@ security.insecureAPI.DeprecatedOrUnsafeBufferHandling (C)
    strncpy(buf, "a", 1); // warn
  }
 
+The ``AllowWithoutC11`` option allows reporting warnings for these functions 
even when not compiling with C11 standard. These functions are deprecated in 
C11, but may still be problematic in earlier C standards.
+
+To enable this option, use:
+``-analyzer-config 
security.insecureAPI.DeprecatedOrUnsafeBufferHandling:AllowWithoutC11=true``.
+
+By default, this option is set to *false*.
+
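Review bot: the new paragraph never says when the reported warning is actionable; "even when not compiling with C11 standard" only helps the reader if the suggested `_s` replacements are reachable, and the reply below points out those are Annex K functions that an implementation need not provide. Consider adding a sentence along the lines of "The suggested `_s` replacements are only available on implementations that define `__STDC_LIB_EXT1__`." Also, "when not compiling with C11 standard" should read "with the C11 standard", and the option name documented here (``AllowWithoutC11``) should be kept in sync with whatever "reporting when" style name the review settles on, otherwise the documented ``-analyzer-config`` spelling will not match the checker.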
----------------
gamesh411 wrote:

I agree that the naming is probably better if we use the "reporting when" 
pattern for the flag name. I'll go with your suggestion.
I have two minor concerns with making this on by default. One is the potential 
new finding that the users will find surprising. This is a lesser issue when 
compared to the next. Looking at public opinion shows that Annex K and 
these `_s` suffix variants are under scrutiny and not widely implemented.
So if we want to move in this direction, I have a suggestion of making this 
checker enabled not based on the detection of the C11 standard, but rather the 
availability of the macro symbol `__STDC_LIB_EXT1__`, as these warnings are 
only actionable when this is the case.
@steakhal What is your opinion?

https://github.com/llvm/llvm-project/pull/168704
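The gating gamesh411 describes, written out as an added example (not code from the PR or from LLVM): `bounded_copy` and `annex_k_available` are hypothetical names, and the Annex K branch is only compiled where the implementation defines `__STDC_LIB_EXT1__`, which is exactly why a warning that recommends the `_s` variants is only actionable on such a toolchain.

```c
/* Added example, not part of the PR: feature-test Annex K before relying on
 * the _s bounds-checking functions. On toolchains without __STDC_LIB_EXT1__
 * (glibc, for instance) the fallback branch is the one that actually runs. */
#define __STDC_WANT_LIB_EXT1__ 1   /* must precede <string.h> to expose Annex K names */
#include <stddef.h>
#include <string.h>

/* Copy src into dst (capacity dstsz bytes). Returns 0 on success and -1 if src
 * does not fit; on failure dst is set to "" so it is never left unterminated,
 * matching what strncpy_s does on a runtime-constraint violation. */
int bounded_copy(char *dst, size_t dstsz, const char *src)
{
    if (dst == NULL || dstsz == 0) return -1;
    if (src == NULL) { dst[0] = '\0'; return -1; }
#if defined(__STDC_LIB_EXT1__)
    /* Annex K present: with count == dstsz, strncpy_s fails (and empties dst)
     * unless src including its terminator fits in dstsz bytes. */
    return strncpy_s(dst, dstsz, src, dstsz) != 0 ? -1 : 0;
#else
    /* No Annex K: bound the scan with memchr so a src lacking a NUL within
     * dstsz bytes cannot overrun either buffer. */
    const char *end = memchr(src, '\0', dstsz);
    if (end == NULL) { dst[0] = '\0'; return -1; }   /* would need >= dstsz bytes */
    size_t n = (size_t)(end - src);
    memcpy(dst, src, n + 1);                          /* +1 copies the terminator */
    return 0;
#endif
}

/* 1 if this translation unit saw Annex K (__STDC_LIB_EXT1__), else 0. */
int annex_k_available(void)
{
#if defined(__STDC_LIB_EXT1__)
    return 1;
#else
    return 0;
#endif
}
```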
_______________________________________________
cfe-commits mailing list
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits