https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105889
Bug ID: 105889
Summary: RFE: -fanalyzer should complain about uses of inherently unsafe functions
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Blocks: 105887
Target Milestone: ---

Looking at https://clang.llvm.org/docs/analyzer/checkers.html :

security.insecureAPI.gets: looks easy to implement, but perhaps low-value, given that glibc has removed it from <stdio.h>. Doesn't need to be in analyzer, just "inherently unsafe function" as per CWE-242:
https://cwe.mitre.org/data/definitions/242.html

security.insecureAPI.mktemp: looks easy to implement, and useful; another CWE-242

Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105887
[Bug 105887] RFE: clang analyzer warnings that GCC's -fanalyzer could implement
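
Added example, not part of the bug report or of GCC: the two calls named in the report, gets and mktemp, kept as comments beside bounded replacements built on fgets and mkstemp. The function names read_line_bounded and open_temp_file, the demo- file prefix and the /tmp directory are assumptions made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* for mkstemp() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Flagged (CWE-242), kept as a comment:  char buf[64]; gets(buf);
 * gets() has no size parameter, so no caller can use it safely.
 * Replacement: fgets() bounds the write. Returns the line length without
 * the newline, or -1 on EOF/error or when the line does not fit in buf. */
long read_line_bounded(FILE *in, char *buf, size_t size)
{
    if (size < 2 || fgets(buf, (int)size, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[--len] = '\0';
        return (long)len;
    }
    int c = getc(in);
    if (c == EOF || c == '\n')        /* last line, or line fit exactly */
        return (long)len;
    while (c != '\n' && c != EOF)     /* discard the rest of the long line */
        c = getc(in);
    return -1;
}

/* Flagged (CWE-242), kept as a comment:
 *     mktemp(path); fd = open(path, O_WRONLY | O_CREAT, 0600);
 * The name is generated first and the file opened later, so another process
 * can create that path in between. Replacement: mkstemp() generates the name
 * and creates the file in one step (O_EXCL, mode 0600). */
int open_temp_file(const char *dir, char *path, size_t size)
{
    int n = snprintf(path, size, "%s/demo-XXXXXX", dir);  /* hypothetical prefix */
    if (n < 0 || (size_t)n >= size)
        return -1;
    return mkstemp(path);             /* rewrites XXXXXX in place, returns fd */
}

int main(void)
{
    char path[64];
    int fd = open_temp_file("/tmp", path, sizeof path);
    if (fd < 0) return 1;
    printf("created %s\n", path);
    close(fd);
    return unlink(path) != 0;
}
```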