User's Manual

Example 61 Detecting endian dependent code fragments
Consider the following code fragment.
    union Endian {
        char c[4];
        int v;
    };
In such cases, cadvise generates the following warning:
"endian1.c", line 2: warning #4289-D: endian porting: the definition of the
union may be endian dependent
union Endian {
^
The +wendian option catches various potentially endian-dependent data structures and usages.
It helps you locate potential problem spots while porting from a little-endian to a big-endian
architecture and vice versa.
8.5 Detecting potential security vulnerabilities
The +wsecurity[=1|2|3|4] option enables compile-time diagnostic messages for potential
security vulnerabilities. This option is useful in an environment where you are not trained to detect
security vulnerabilities.
With the +wsecurity option, warnings are generated for cases where untrusted (tainted) data
may reach a critical reference point in the program. These warnings are based on cross-module
analysis performed by the compiler, which is much more powerful than simple scanning and parsing
tools. The +wsecurity option implicitly enables a limited form of cross-module analysis even if
the -ipo or +O4 option is not specified. This may significantly increase compile time compared
to a build without the +wsecurity option, and the compiler may invoke optimizations other than
those that are part of the specified optimization level. If +wsecurity is used in addition to
-ipo or +O4, the generated code is not affected and the compile time does not increase much.
Because the +wsecurity option requires cross-module analysis, you must specify the location
of the PDB using the -pdb option.
The problems detected include use of unsafe APIs, use of an unsafe data length argument, an unsafe
loop exit condition, use of an unsafe file path, and so on.
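As an added illustration (not from the cadvise manual), the following C fragment shows a record parser in which a tainted length field flows unchecked into memcpy, the "unsafe data length argument" pattern +wsecurity reports, beside a bounded rewrite. The record layout, function names and sample records are constructed for this example.

```c
/* Added example, not part of the cadvise manual: a tainted-length record copy
 * of the kind +wsecurity flags, beside a bounded rewrite. Record layout and
 * names are constructed for this illustration. */
#include <stddef.h>
#include <string.h>

#define OUT_SIZE 16

/* Record layout (constructed): byte 0 = payload length, bytes 1..len = payload.
 * Both come from an untrusted source, so 'len' is tainted. */
static const unsigned char good_record[]      = {5, 'h', 'e', 'l', 'l', 'o'};
static const unsigned char truncated_record[] = {200, 'x'};      /* claims 200 bytes */
static const unsigned char oversized_record[21] = {20};          /* 20 bytes, fits msg */

/* Unsafe form: the tainted length flows unchecked into memcpy (an unsafe data
 * length argument) and into the index used to NUL-terminate the string.
 * A length byte of 16 or more writes past 'out'. */
int parse_record_unsafe(const unsigned char *msg, char out[OUT_SIZE])
{
    size_t len = msg[0];          /* tainted */
    memcpy(out, msg + 1, len);    /* length never validated */
    out[len] = '\0';
    return (int)len;
}

/* Hardened form: each tainted quantity is bounded against sizes the program
 * itself knows (bytes actually received, capacity of 'out') before use.
 * Returns the payload length, or -1 if the record is rejected. */
int parse_record_safe(const unsigned char *msg, size_t msg_len,
                      char *out, size_t out_size)
{
    size_t len;

    if (msg == NULL || out == NULL || msg_len < 1 || out_size < 1)
        return -1;
    len = msg[0];                 /* still tainted, but now checked */
    if (len > msg_len - 1)        /* claims more payload than was received */
        return -1;
    if (len >= out_size)          /* no room for payload plus terminating NUL */
        return -1;
    memcpy(out, msg + 1, len);
    out[len] = '\0';
    return (int)len;
}
```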
For example, see the reference to untrusted file path in the following code:
52 Categories of diagnostics with examples