xazax.hun added a comment.

In https://reviews.llvm.org/D35068#811437, @NoQ wrote:

> It'd look good in clang-tidy (especially if extended to provide fixits), but 
> if Daniel is interested in having this feature in the analyzer (and picked by 
> clang-tidy from there), I wouldn't mind.
> I wonder how noisy this check is - did you test it on large codebases? 
> Because these functions are popular, and in many cases it'd be fine to use 
> insecure functions, I wonder if it's worth it to have this check on by 
> default. Like, if it's relatively quiet - it's fine, but if it'd constitute 
> 90% of the analyzer's warnings on popular projects, that'd probably not be 
> fine.

This patch basically extends an already existing static analyzer check. Even if 
tidy might be a better fit, I wonder what is the right thing to do in this 
case. We either end up overlapping functionality with the analyzer and tidy or 
have to come up with a policy on what to do in such cases.



cfe-commits mailing list
