dkrupp added a comment. I also analyzed openssl with the baseline and this version, but did not find any new warnings. See: http://codechecker-demo.eastus.cloudapp.azure.com/Default/#run=D66049_baseline&newcheck=D66049_improved&review-status=Unreviewed&review-status=Confirmed&detection-status=New&detection-status=Reopened&detection-status=Unresolved&tab=D66049_baseline_diff_D66049_improved
================ Comment at: lib/StaticAnalyzer/Checkers/CStringChecker.cpp:1580 // If the function is strncpy, strncat, etc... it is bounded. if (isBounded) { ---------------- Szelethus wrote: > Ah, okay, so the assumption is that bounded functions' third argument is > always a numerical size parameter. Why isn't that enforced at all? How should we enforce this? CHANGES SINCE LAST ACTION https://reviews.llvm.org/D66049/new/ https://reviews.llvm.org/D66049 _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits