On Fri, 20 Sep 2013, Yaroslav Halchenko wrote:

> On "your" code you could look for some (no multiline or more complex
> expressions, no snprintf) hits in sprintf with following grep

> grep -re 'sprintf(\s*\(\w\+\)\s*,[^,]\+,\s*\1\>' *

> unfortunately codesearch.d.n seems to not have support for referencing a
> group in regexp yet, thus couldn't search for obvious hits within archive.

> If anyone comes up with proper parser/analyzer to catch those -- I would
> be very grateful (I am surprised that gcc doesn't issue any warning).

somehow I didn't know yet about debile.d.n and this package is not yet in
Debian thus I am paying by running cppcheck on it myself now, as Julian
Taylor suggested -- cppcheck seems to catch this pattern nicely.

Cheers,
--
Yaroslav O. Halchenko, Ph.D.
http://neuro.debian.net http://www.pymvpa.org http://www.fail2ban.org
Senior Research Associate, Psychological and Brain Sciences Dept.
Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755
Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419
WWW: http://www.linkedin.com/in/yarik

Archive: http://lists.debian.org/20130921010146.gb27...@onerussian.com
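An added example, not part of the original message and not cppcheck's logic: a small Python scanner for the same pattern (the destination buffer passed again as a value argument, which the C standard leaves undefined because source and destination overlap). It goes beyond the grep above by also covering snprintf, multiline calls, format strings that contain commas, and a repeated buffer in any value position; the names `split_args` and `find_overlaps` and the C sample are constructed for illustration.

```python
import re

SAMPLE = r'''
void f(char *buf, char *out, size_t n, const char *name) {
    sprintf(buf, "%s, %s", buf, name);   /* flagged; comma in format hides it from the grep */
    snprintf(out, n,
             "%s (%d)", out, 3);         /* flagged; multiline, size argument skipped */
    sprintf(out, "%s/%s", name, buf);    /* distinct buffers: ok */
    sprintf(buf, "buf=%s", name);        /* name only inside the format: ok */
}
'''  # constructed C sample, not from any real package

CALL = re.compile(r'\b(sn?printf)\s*\(')

def split_args(src, i):
    """Split call arguments from index i (just after '('); None if unterminated."""
    args, cur, depth, quote = [], [], 0, None
    while i < len(src):
        c = src[i]
        if quote:                          # inside a string or char literal
            cur.append(c)
            if c == '\\' and i + 1 < len(src):
                i += 1
                cur.append(src[i])         # keep the escaped character
            elif c == quote:
                quote = None
        elif c in '"\'':
            quote = c
            cur.append(c)
        elif c == ')' and depth == 0:      # closing paren of this call
            args.append(''.join(cur).strip())
            return args
        elif c == ',' and depth == 0:      # top-level argument separator
            args.append(''.join(cur).strip())
            cur = []
        else:
            depth += (c in '([{') - (c in ')]}')
            cur.append(c)
        i += 1
    return None

def find_overlaps(src):
    """Return (line, function, dest) for calls whose dest is also a value argument."""
    hits = []
    for m in CALL.finditer(src):
        args = split_args(src, m.end())
        first_value = 2 if m.group(1) == 'sprintf' else 3  # skip format (and size)
        if args and args[0] and args[0] in args[first_value:]:
            hits.append((src.count('\n', 0, m.start()) + 1, m.group(1), args[0]))
    return hits
```

The comparison is textual, so aliased pointers (`p = buf; sprintf(buf, "%s", p)`) and C comments placed inside an argument list are outside what this sketch handles.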