Example 61 Detecting endian dependent code fragments

Consider the following code fragment.

union Endian { char c[4]; int v;

};

In such cases, cadvise generates the following warning:

"endian1.c", line 2: warning #4289-D: endian porting: the definition of the union may be endian dependent

union Endian {

^

The +wendian option can catch various potential endian dependent data structures and usage. It helps you to locate potential problem spots while porting from little-endian to big endian architecture and vice versa.

8.5 Detecting potential security vulnerabilities

The +wsecurity[=1234] option enables compile time diagnostic messages for potential security vulnerabilities. This option is useful in an environment where you are not trained to detect security vulnerabilities.

With the +wsecurity option, warnings are generated for cases where untrusted (tainted) data may reach a critical reference point in the program. This is based on cross-module analysis performed by the compiler, which is much more powerful compared to simple scanning and parsing tools. The +wsecurity option implicitly enables a limited form of cross-module analysis even if -ipoor +O4 options are not specified. This may lead to a significant increase in the compile time compared to a build without the +wsecurity option. Using this option may result in the compiler invoking optimizations other than those which are part of the specified optimization level. If +wsecurity is used in addition to -ipoor +O4, the generated code is not affected and the compile time does not increase much. The +wsecurity option requires cross module analysis. Hence, you need to specify the location of the PDB using the -pdboption.

The problems detected include use of unsafe APIs, use of unsafe data length argument, unsafe loop exit condition, unsafe file path use, and so on.

For example, see the reference to untrusted file path in the following code:

52 Categories of diagnostics with examples