xazax.hun added a comment.
In https://reviews.llvm.org/D35068#811437, @NoQ wrote:
> It'd look good in clang-tidy (especially if extended to provide fixits), but
> if Daniel is interested in having this feature in the analyzer (and picked by
> clang-tidy from there), I wouldn't mind.
> I wonder how noisy this check is - did you test it on large codebases?
> Because these functions are popular, and in many cases it'd be fine to use
> insecure functions, I wonder if it's worth it to have this check on by
> default. Like, if it's relatively quiet - it's fine, but if it'd constitute
> 90% of the analyzer's warnings on popular projects, that'd probably not be
This patch basically extends an already existing static analyzer check. Even if
tidy might be a better fit, I wonder what is the right thing to do in this
case. We either end up overlapping functionality with the analyzer and tidy or
have to come up with a policy on what to do in such cases.
cfe-commits mailing list