[Bug analyzer/105890] RFE: -fanalyzer should complain about mkstemp with not enough "X"s in format string

egallager at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Wed Jun 8 17:22:36 GMT 2022


Eric Gallager <egallager at gcc dot gnu.org> changed:

           What    |Removed                     |Added
                 CC|                            |egallager at gcc dot gnu.org
   Last reconfirmed|                            |2022-06-08
             Blocks|                            |87403
     Ever confirmed|0                           |1
           Keywords|                            |diagnostic
             Status|UNCONFIRMED                 |NEW

--- Comment #1 from Eric Gallager <egallager at gcc dot gnu.org> ---
(In reply to David Malcolm from comment #0)
> https://clang.llvm.org/docs/analyzer/checkers.html#security-insecureapi-
> mkstemp-c
> "Warn when ‘mkstemp’ is passed fewer than 6 X’s in the format string."
> Seems fairly easy to implement.  Maybe a frontend warnning, rather than
> -fanalyzer?

Yeah seems like it would be a new subflag to -Wformat (and, as I've mentioned
elsewhere, more evidence that there should be a -Wformat=3 as more of these get

Referenced Bugs:

[Bug 87403] [Meta-bug] Issues that suggest a new warning

More information about the Gcc-bugs mailing list