Build Identifier: Version: Indigo Service Release 2 Build id: 20120216-1857

Secure C/C++ programming is a big concern for developers. A lot of memory leak/buffer overflow problems are caused by using C/C++ functions improperly or without care. For Win32 development, developers should stop using deprecated C/C++ CRT functions and take advantage of the new security-enhanced functions. For example, use 'strcpy_s' instead of 'strcpy'. It would be nice if CDT could provide such checking for Win32 developers.

http://msdn.microsoft.com/en-ca/magazine/cc163794.aspx

Reproducible: Always
Created attachment 214026 [details]
The prototype checker for checking depreciated C/C++ CRT functions

Here is a simple code checker to detect the use of deprecated C/C++ functions; it also supports quick fix. The associated unit tests for the checker and the quick fix are included. The deprecated functions list needs to grow if this checker is considered useful by the CDT team.
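The kind of check described in this comment, sketched as an added example in Python (it is not the attached CDT checker and does not use the Codan API). Only `strcpy` → `strcpy_s` comes from the report; the other table entries, the function names and the sample source are assumptions made for illustration.

```python
import re

# Assumed table: only strcpy -> strcpy_s is named in the report; the other
# pairs are existing MSVC CRT functions picked as sample entries.
SECURE_VARIANTS = {
    "strcpy": "strcpy_s",
    "strcat": "strcat_s",
    "sprintf": "sprintf_s",
    "gets": "gets_s",
}

# Comments and literals are blanked first so text inside them is never flagged.
_NON_CODE = re.compile(
    r"//[^\n]*|/\*.*?\*/"        # line and block comments
    r'|"(?:\\.|[^"\\\n])*"'      # string literals
    r"|'(?:\\.|[^'\\\n])*'",     # character literals
    re.DOTALL)

# A call is the bare identifier followed by "(", not part of a longer
# identifier and not a member access (obj.gets, p->gets).
_CALL = re.compile(r"(?<![\w.>])(%s)\s*\(" % "|".join(SECURE_VARIANTS))


def _blank(match):
    # Replace everything except newlines so reported line numbers stay correct.
    return re.sub(r"[^\n]", " ", match.group(0))


def find_deprecated_calls(source):
    """Return (line, function, suggested_replacement) for each flagged call."""
    code = _NON_CODE.sub(_blank, source)
    findings = []
    for m in _CALL.finditer(code):
        line = code.count("\n", 0, m.start()) + 1
        findings.append((line, m.group(1), SECURE_VARIANTS[m.group(1)]))
    return findings


# Constructed sample input, not taken from the attachment.
SAMPLE = '''\
#include <string.h>
void f(char *dst, const char *src) {
    strcpy(dst, src);            /* flagged */
    /* strcpy(dst, src); commented out, ignored */
    puts("call strcat(a, b)");   // string literal, ignored
    my_strcpy(dst, src);         // different identifier, ignored
    strcpy_s(dst, 16, src);      // already the secure variant
    obj.gets(buf);               // member call, ignored
}
'''

if __name__ == "__main__":
    for line, old, new in find_deprecated_calls(SAMPLE):
        print(f"line {line}: '{old}' is deprecated, consider '{new}'")
```

A quick fix cannot be a plain rename: `strcpy_s` takes the destination buffer size as an extra argument, so the replacement has to supply or prompt for that value.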
Hello Henry, I think this checker is a good idea. However, I don't think we should add new checkers for this release, it might have to wait after (end of June). I haven't thoroughly reviewed the patch but I noticed the copyrights are missing and I don't think the checker should be enabled by default.
(In reply to comment #2)
> Hello Henry, I think this checker is a good idea. However, I don't think we
> should add new checkers for this release, it might have to wait after (end of
> June). I haven't thoroughly reviewed the patch but I noticed the copyrights are
> missing and I don't think the checker should be enabled by default.

Hello Marc-Andre,

Thanks for the comment. I am glad it is considered useful. Sorry for missing some information in my patch - my first contribution :-) I will add it and correct what you pointed out in the next submission. It is OK that this checker won't be added in the next release. I have started thinking of some improvements, e.g. warnings and quick fixes based on different C/C++ libraries. In future releases, I'd like to see more security checkers/rules being added. I conducted some static code analysis using tools - Visual Studio/Fortify - for my work projects. Security is the main concern.

Thanks,
Henry