[gentoo-dev] new warnings to catch from gcc in portage

[Mike Frysinger <vapier@gentoo.org>]

[-- Attachment #1: Type: text/plain, Size: 1544 bytes --]

the newer fortify/security work in gcc provides some nice checks which portage 
doesnt currently flag.  those are:
	": warning: array subscript is below array bounds$"
	": warning: array subscript is above array bounds$"
	": warning: attempt to free a non-heap object"
	": warning: .* called with .*bigger.* than .* destination buffer$"
	": warning: call to .* will always overflow destination buffer$"

this should catch the kind of checks where people check for pointer math 
overflow but dont realize that gcc optimizes it away:
	": warning: assuming pointer wraparound does not occur when comparing "

these tend to be typos in code:
	": warning: hex escape sequence out of range$"
	": warning: [^ ]*-hand operand of comma .*has no effect$"

these too are typos/thinkos involving NULL instead of a value of 0, or 
misordering of arguments:
	": warning: converting to non-pointer type .* from NULL"
	": warning: NULL used in arithmetic$"
	": warning: passing NULL to non-pointer argument"

these tend to be thinkos which result in incorrect behavior:
	": warning: the address of [^ ]* will always evaluate as"
	": warning: the address of [^ ]* will never be NULL"
think "char foo[1234]" and later doing "if (foo) ..."

i cant see this being valid:
	": warning: too few arguments for format"

or trying to return addresses to function locals:
	": warning: reference to local variable .* returned"
	": warning: returning reference to temporary"
	": warning: function returns address of local variable"
-mike

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 836 bytes --]