This patch introduces a new checker:
This checker is implemented based on the following rule:
It warns on misusing the following functions:
strcpy(), gets(), fscanf(), sprintf().
It also has an option on its base checker:
This boolean option is on by default and stands for the following:
Whether the checker needs to warn on the bugprone function calls. It is a common idiom to null-terminate by hand after the insecure function call, which is easy to misuse, so it is on by default. If it is off, that means we look for a hand-written null-termination before the string is possibly read, and if we find one we do not report the insecure call.
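An added example, not code from this patch or its tests: bounded forms of the four calls listed above, followed by one common hand null-termination pattern. The function names are made up for illustration, and the `strncpy()` form is an assumption, since the description does not show which pattern the checker matches.

```c
#include <stdio.h>
#include <string.h>

/* Bounded form of strcpy(): returns 0 on success, -1 if src does not
   fit in dst (dst is then left as an empty string). */
int copy_bounded(char *dst, size_t dstsz, const char *src) {
    if (dstsz == 0) return -1;
    size_t n = strlen(src);
    if (n >= dstsz) { dst[0] = '\0'; return -1; }
    memcpy(dst, src, n + 1);            /* n + 1 copies the terminator too */
    return 0;
}

/* Bounded form of sprintf(): snprintf() terminates dst when dstsz > 0;
   a return value >= dstsz means the output was truncated. */
int format_user(char *dst, size_t dstsz, const char *name, int id) {
    int n = snprintf(dst, dstsz, "%s#%d", name, id);
    return (n < 0 || (size_t)n >= dstsz) ? -1 : 0;
}

/* Bounded form of gets(): fgets() stores at most dstsz - 1 bytes. */
int read_line(FILE *in, char *dst, size_t dstsz) {
    if (dstsz == 0 || fgets(dst, (int)dstsz, in) == NULL) return -1;
    size_t n = strcspn(dst, "\n");
    if (dst[n] != '\n' && !feof(in)) return -1;  /* line longer than buffer */
    dst[n] = '\0';
    return 0;
}

/* Bounded form of fscanf("%s"): the field width caps the write at 7 + NUL. */
int read_word8(FILE *in, char dst[8]) {
    return fscanf(in, "%7s", dst) == 1 ? 0 : -1;
}

/* Hand null-termination (assumed pattern): strncpy() leaves dst
   unterminated when src has dstsz - 1 or more bytes, so the last byte
   is set explicitly. Omitting that line is the easy misuse. */
void copy_truncating(char *dst, size_t dstsz, const char *src) {
    if (dstsz == 0) return;
    strncpy(dst, src, dstsz - 1);
    dst[dstsz - 1] = '\0';
}
```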