Szelethus added inline comments.

================
Comment at: test/Analysis/security-syntax-checks.m:253
+  FILE *file;
+  sprintf(buf, "a"); // expected-warning{{Call to function 'sprintf' is 
insecure as it does not provide security checks introduced in the C11 standard. 
Replace with analogous functions that support length arguments or provides 
boundary checks such as 'sprintf_s' in case of C11}}
+  scanf("%d", &a); // expected-warning{{Call to function 'scanf' is insecure 
as it does not provide security checks introduced in the C11 standard. Replace 
with analogous functions that support length arguments or provides boundary 
checks such as 'scanf_s' in case of C11}}
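Review bot: The diagnostic text repeated in both expected-warning strings mixes verb number: "functions that support length arguments or provides boundary checks" should read "provide", since the subject is "functions". Because these strings mirror the checker's output, the wording would need to be corrected in the checker's message as well as in the sprintf and scanf expectations here. The closing phrase "in case of C11" is also unclear; if it means the suggested replacement is only available under C11, stating that directly would be easier to read.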
----------------
Szelethus wrote:
> When using `{{}}`, you actually supply a regex as an argument, and the output 
> of the analyzer is matched against it. My point is, could you instead just 
> write
> ```
> // expected-warning{{Call to function 'sprintf' is insecure}}
> ```
> to improve readability?
Or whatever the shortest string is needed to know whether the expected output 
is there.


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D35068/new/

https://reviews.llvm.org/D35068



_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
