From: Viktor Szakats Date: Tue, 23 Dec 2025 11:16:52 +0000 (+0100) Subject: build: stop disabling `strcpy` checks with clang-tidy X-Git-Tag: rc-8_18_0-3~13 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=532d134767df99fb6ce8bc041afa4e0279b52589;p=thirdparty%2Fcurl.git build: stop disabling `strcpy` checks with clang-tidy Follow-up to 436e67f65b9dee1e80aa063c39450f0d1df6ac72 #20076 Closes #20084 --- diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index acd34565d3..2fd1817f7b 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -37,7 +37,7 @@ env: MAKEFLAGS: -j 5 CURL_CI: github CURL_TEST_MIN: 1600 - CURL_CLANG_TIDYFLAGS: '-checks=-clang-analyzer-security.insecureAPI.bzero,-clang-analyzer-security.insecureAPI.strcpy,-clang-analyzer-optin.performance.Padding,-clang-analyzer-security.ArrayBound,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-valist.Uninitialized' + CURL_CLANG_TIDYFLAGS: '-checks=-clang-analyzer-security.insecureAPI.bzero,-clang-analyzer-optin.performance.Padding,-clang-analyzer-security.ArrayBound,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,-clang-analyzer-valist.Uninitialized' # renovate: datasource=github-tags depName=libressl/portable versioning=semver registryUrl=https://github.com LIBRESSL_VERSION: 4.2.1 # renovate: datasource=github-tags depName=wolfSSL/wolfssl versioning=semver extractVersion=^v?(?.+)-stable$ registryUrl=https://github.com diff --git a/CMakeLists.txt b/CMakeLists.txt index 43ec013508..8e5383ac98 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -269,7 +269,6 @@ if(CURL_CLANG_TIDY) set(CURL_DISABLE_TYPECHECK ON) # to improve performance and avoid potential interference. set(_tidy_checks "") list(APPEND _tidy_checks "-clang-analyzer-security.insecureAPI.bzero") # for FD_ZERO() (seen on macOS) - list(APPEND _tidy_checks "-clang-analyzer-security.insecureAPI.strcpy") list(APPEND _tidy_checks "-clang-analyzer-optin.performance.Padding") list(APPEND _tidy_checks "-clang-analyzer-security.ArrayBound") # false positives with clang-tidy v21.1.0 list(APPEND _tidy_checks "-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling") diff --git a/lib/Makefile.am b/lib/Makefile.am index 833d756648..f2fc303ab8 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -168,7 +168,7 @@ $(UNITPROTOS): $(CSOURCES) $(UNIT_V)(cd $(srcdir) && @PERL@ ../scripts/extract-unit-protos $(CSOURCES)) > $(top_builddir)/lib/$(UNITPROTOS) # disable the tests that are mostly causing false positives -TIDYFLAGS := -checks=-clang-analyzer-security.insecureAPI.bzero,-clang-analyzer-security.insecureAPI.strcpy,-clang-analyzer-optin.performance.Padding,-clang-analyzer-security.ArrayBound,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling -quiet +TIDYFLAGS := -checks=-clang-analyzer-security.insecureAPI.bzero,-clang-analyzer-optin.performance.Padding,-clang-analyzer-security.ArrayBound,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling -quiet if CURL_WERROR TIDYFLAGS += --warnings-as-errors=* endif diff --git a/src/Makefile.am b/src/Makefile.am index 169a64f713..49dc6693cc 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -219,7 +219,7 @@ endif endif # disable the tests that are mostly causing false positives -TIDYFLAGS := -checks=-clang-analyzer-security.insecureAPI.bzero,-clang-analyzer-security.insecureAPI.strcpy,-clang-analyzer-optin.performance.Padding,-clang-analyzer-security.ArrayBound,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling -quiet +TIDYFLAGS := -checks=-clang-analyzer-security.insecureAPI.bzero,-clang-analyzer-optin.performance.Padding,-clang-analyzer-security.ArrayBound,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling -quiet if CURL_WERROR TIDYFLAGS += --warnings-as-errors=* endif