koldaniel marked 4 inline comments as done.
koldaniel added inline comments.


================
Comment at: lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp:597-598
+
+  if(!BR.getContext().getLangOpts().C11)
+    return;
+
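Review bot: the `C11` test in this early return only reflects the language mode the translation unit was parsed in, so it says nothing about whether the project also targets older standards or whether the library ships the safe functions at all. If the functions in question are the C11 Annex K ones, they are optional and an implementation advertises them with `__STDC_LIB_EXT1__`. Add a comment above the `if` stating why the checker stays silent before C11, and consider making this a checker option instead of a hard-coded return. Style: LLVM formatting puts a space after `if`, as in `if (!BR.getContext().getLangOpts().C11)`.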
----------------
NoQ wrote:
> Note that you cannot easily figure out if the code is intended to get 
> compiled only under C11 and above - maybe it's accidentally compiled under 
> C11 for this user, but is otherwise intended to keep working under older 
> standards.
It is a possible scenario. How should I check if the checks should warn (safe 
functions are available) if not by using this method?


================
Comment at: lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp:670-675
+  auto FormatString =
+    dyn_cast<StringLiteral>(CE->getArg(ArgIndex)->IgnoreParenImpCasts());
+  if(FormatString &&
+     FormatString->getString().find("%s") == StringRef::npos &&
+     FormatString->getString().find("%[") == StringRef::npos)
+    return;
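Review bot: the substring tests `find("%s")` and `find("%[")` in this condition do not parse conversion specifications, so a literal containing `%ls` (no field width, still unbounded) takes the early return and is never reported, while `%%s` (a literal percent sign followed by `s`) is treated as a string conversion. Walking the literal and checking each `%` specification for a missing field width before `s` or `[` would handle both cases. A comment stating that a non-literal format (null `FormatString`) intentionally does not take the early return would also help. Style: `if (` with a space, and `const auto *FormatString` for the `dyn_cast` result.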
----------------
NoQ wrote:
> You'd probably also want to quit early if the format string is not a literal.
If the format string is not a literal (i.e. a variable), currently we cannot 
determine if there were any restrictions regarding the size or not, so we want 
this check to warn.


Repository:
  rL LLVM

https://reviews.llvm.org/D35068


