From fc203a6b9b810343e64a8244a4a4bbb80092f529 Mon Sep 17 00:00:00 2001
From: Kristof Umann <dkszelethus@gmail.com>
Date: Mon, 11 Feb 2019 13:46:43 +0000
Subject: [analyzer] New checker for detecting usages of unsafe I/O functions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

There are certain unsafe or deprecated (since C11) buffer handling
functions which should be avoided in safety critical code. They
could cause buffer overflows. A new checker,
'security.insecureAPI.DeprecatedOrUnsafeBufferHandling' warns for
every occurrence of such functions (unsafe or deprecated printf,
scanf family, and other buffer handling functions, which now have
a secure variant).

Patch by Dániel Kolozsvári!

Differential Revision: https://reviews.llvm.org/D35068


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@353698 91177308-0d34-0410-b5e6-96231b3b80d8
---
 docs/analyzer/checkers.rst | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'docs/analyzer/checkers.rst')

diff --git a/docs/analyzer/checkers.rst b/docs/analyzer/checkers.rst
index c6fcfe4d5e..62f7f7bfc8 100644
--- a/docs/analyzer/checkers.rst
+++ b/docs/analyzer/checkers.rst
@@ -566,6 +566,17 @@ security.insecureAPI.vfork (C)
    vfork(); // warn
  }
 
+security.insecureAPI.DeprecatedOrUnsafeBufferHandling (C) 
+""""""""""""""""""""""""""""""
+ Warn on occurrences of unsafe or deprecated buffer handling functions, which now have a secure variant: ``sprintf, vsprintf, scanf, wscanf, fscanf, fwscanf, vscanf, vwscanf, vfscanf, vfwscanf, sscanf, swscanf, vsscanf, vswscanf, swprintf, snprintf, vswprintf, vsnprintf, memcpy, memmove, strncpy, strncat, memset``
+
+.. code-block:: c
+ 
+ void test() {
+   char buf [5];
+   strncpy(buf, "a", 1); // warn
+ }
+
 .. _unix-checkers:
 
 unix
-- 
cgit v1.2.3