https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105889
Bug ID: 105889
Summary: RFE: -fanalyzer should complain about uses of
inherently unsafe functions
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: analyzer
Assignee: dmalcolm at gcc dot gnu.org
Reporter: dmalcolm at gcc dot gnu.org
Blocks: 105887
Target Milestone: ---
Looking at https://clang.llvm.org/docs/analyzer/checkers.html :
security.insecureAPI.gets:
looks easy to implement, but perhaps low-value, given that glibc has
removed it from <stdio.h>. Doesn't need to be in analyzer, just
"inherently unsafe function" as per CWE-242:
https://cwe.mitre.org/data/definitions/242.html
security.insecureAPI.mktemp:
looks easy to implement, and useful; another CWE-242
Referenced Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105887
[Bug 105887] RFE: clang analyzer warnings that GCC's -fanalyzer could implement
