koldaniel marked 4 inline comments as done. koldaniel added inline comments.
================ Comment at: lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp:597-598 + + if(!BR.getContext().getLangOpts().C11) + return; + ---------------- NoQ wrote: > Note that you cannot easily figure out if the code is intended to get > compiled only under C11 and above - maybe it's accidentally compiled under > C11 for this user, but is otherwise intended to keep working under older > standards. It is a possible scenario, how should I check if the checks should warn (safe functions are available) if not by using this method? ================ Comment at: lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp:670-675 + auto FormatString = + dyn_cast<StringLiteral>(CE->getArg(ArgIndex)->IgnoreParenImpCasts()); + if(FormatString && + FormatString->getString().find("%s") == StringRef::npos && + FormatString->getString().find("%[") == StringRef::npos) + return; ---------------- NoQ wrote: > You'd probably also want to quit early if the format string is not a literal. If the format string is not a literal (i.e. a variable), currently we cannot determine if there were any restrictions regarding the size or not, so we want this check to warn. Repository: rL LLVM https://reviews.llvm.org/D35068 _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
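Review bot: in the hunk at CheckSecuritySyntaxOnly.cpp:597-598, the early return on "!BR.getContext().getLangOpts().C11" has no comment saying why the check is skipped. Add one stating that the suggested safe replacement functions are only assumed to exist from C11 on. It should also say that the test reflects the language mode of the current compilation only, not whether the code must also build under older standards, which is the case NoQ raises. Style: "if(" should be "if (".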
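Review bot: in the hunk at CheckSecuritySyntaxOnly.cpp:670-675, the two substring searches on FormatString->getString() do not parse conversion specifications. A literal containing "%ls" or "%l[" has neither "%s" nor "%[" in it, so the function returns without warning although the conversion is unbounded, and a literal containing "%%s" is treated as if it had a string conversion. Consider walking the string one conversion at a time, skipping "%%", and checking for a field width before "s" or "[". The non-literal case falls through to the warning because the dyn_cast result is null, so a short comment saying that this is deliberate would help the next reader. Style: "if(" should be "if (".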