summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGuru Das Srinagesh <quic_gurus@quicinc.com>2022-08-04 20:46:14 +0300
committerMasahiro Yamada <masahiroy@kernel.org>2022-08-20 20:47:49 +0300
commit4be72c1b9f298b4ad42391322eaddef64b282716 (patch)
tree5efedfdbeb3761c2a5c30d8788dc6ba6246d45f9
parent113147510b48e764e624e3d0e6707a1e48bc05a9 (diff)
downloadlinux-4be72c1b9f298b4ad42391322eaddef64b282716.tar.xz
scripts/clang-tools: Remove DeprecatedOrUnsafeBufferHandling check
This `clang-analyzer` check flags the use of memset(), suggesting a more secure version of the API, such as memset_s(), which does not exist in the kernel: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling] Signed-off-by: Guru Das Srinagesh <quic_gurus@quicinc.com> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
-rwxr-xr-xscripts/clang-tools/run-clang-tools.py1
1 files changed, 1 insertions, 0 deletions
diff --git a/scripts/clang-tools/run-clang-tools.py b/scripts/clang-tools/run-clang-tools.py
index f754415af398..1337cedca096 100755
--- a/scripts/clang-tools/run-clang-tools.py
+++ b/scripts/clang-tools/run-clang-tools.py
@@ -51,6 +51,7 @@ def run_analysis(entry):
checks += "linuxkernel-*"
else:
checks += "clang-analyzer-*"
+ checks += ",-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling"
p = subprocess.run(["clang-tidy", "-p", args.path, checks, entry["file"]],
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT,