public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug analyzer/105889] New: RFE: -fanalyzer should complain about uses of inherently unsafe functions
@ 2022-06-08 14:34 dmalcolm at gcc dot gnu.org
2022-06-08 17:23 ` [Bug analyzer/105889] " egallager at gcc dot gnu.org
2022-06-08 17:47 ` egallager at gcc dot gnu.org
0 siblings, 2 replies; 3+ messages in thread
From: dmalcolm at gcc dot gnu.org @ 2022-06-08 14:34 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105889
Bug ID: 105889
Summary: RFE: -fanalyzer should complain about uses of
inherently unsafe functions
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Blocks: 105887
Target Milestone: ---
Looking at https://clang.llvm.org/docs/analyzer/checkers.html :
security.insecureAPI.gets:
looks easy to implement, but perhaps low-value, given that glibc has
removed it from <stdio.h>. Doesn't need to be in analyzer, just
"inherently unsafe function" as per CWE-242:
https://cwe.mitre.org/data/definitions/242.html
security.insecureAPI.mktemp:
looks easy to implement, and useful; another CWE-242
Referenced Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105887
[Bug 105887] RFE: clang analyzer warnings that GCC's -fanalyzer could implement
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug analyzer/105889] RFE: -fanalyzer should complain about uses of inherently unsafe functions
2022-06-08 14:34 [Bug analyzer/105889] New: RFE: -fanalyzer should complain about uses of inherently unsafe functions dmalcolm at gcc dot gnu.org
@ 2022-06-08 17:23 ` egallager at gcc dot gnu.org
2022-06-08 17:47 ` egallager at gcc dot gnu.org
1 sibling, 0 replies; 3+ messages in thread
From: egallager at gcc dot gnu.org @ 2022-06-08 17:23 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105889
Eric Gallager <egallager at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |egallager at gcc dot gnu.org
--- Comment #1 from Eric Gallager <egallager at gcc dot gnu.org> ---
Do these clang checkers do anything more that can't already be done with just
#pragma GCC poison?
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug analyzer/105889] RFE: -fanalyzer should complain about uses of inherently unsafe functions
2022-06-08 14:34 [Bug analyzer/105889] New: RFE: -fanalyzer should complain about uses of inherently unsafe functions dmalcolm at gcc dot gnu.org
2022-06-08 17:23 ` [Bug analyzer/105889] " egallager at gcc dot gnu.org
@ 2022-06-08 17:47 ` egallager at gcc dot gnu.org
1 sibling, 0 replies; 3+ messages in thread
From: egallager at gcc dot gnu.org @ 2022-06-08 17:47 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105889
--- Comment #2 from Eric Gallager <egallager at gcc dot gnu.org> ---
Alternate idea: have fixincludes modify headers that still declare gets() and
mktemp() to annotate them with __attribute__((error)) or
__attribute__((warning)), if they don't already have at least one of them
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-06-08 17:47 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-08 14:34 [Bug analyzer/105889] New: RFE: -fanalyzer should complain about uses of inherently unsafe functions dmalcolm at gcc dot gnu.org
2022-06-08 17:23 ` [Bug analyzer/105889] " egallager at gcc dot gnu.org
2022-06-08 17:47 ` egallager at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).