From c2ddaaa4255cd4ab82eb9be6b1ac1842ec1e4edd Mon Sep 17 00:00:00 2001
From: mitchell
Date: Mon, 17 Nov 2025 20:28:02 +0800
Subject: [PATCH] [NFC][analyzer] Add missing documentation for `decodeValueOfObjCType` (#167822)
This check is introduced in https://github.com/llvm/llvm-project/commit/b284005072122fe4af879725e3c8090009f89ca0, but the documentation seems missing from `checkers.rst`.
---
 clang/docs/analyzer/checkers.rst | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/clang/docs/analyzer/checkers.rst b/clang/docs/analyzer/checkers.rst
index fd0b304cba0d..31edf9e99dc7 100644
--- a/clang/docs/analyzer/checkers.rst
+++ b/clang/docs/analyzer/checkers.rst
@@ -198,7 +198,7 @@ as error. Specifically on x86/x86-64 target if the pointer address space is dereference is not defined as error. See `X86/X86-64 Language Extensions `__ for reference.
-
+
 If the analyzer option ``suppress-dereferences-from-any-address-space`` is set to true (the default value), then this checker never reports dereference of pointers with a specified address space. If the option is set to false, then
@@ -1664,6 +1664,23 @@ Warn on uses of the 'bzero' function. bzero(ptr, n); // warn }
+.. _security-insecureAPI-decodeValueOfObjCType:
+
+security.insecureAPI.decodeValueOfObjCType (C)
+""""""""""""""""""""""""""""""""""""""""""""""
+Warn on uses of the Objective-C method ``-decodeValueOfObjCType:at:``.
+
+.. code-block:: objc
+
+ void test(NSCoder *decoder) {
+ unsigned int x;
+ [decoder decodeValueOfObjCType:"I" at:&x]; // warn
+ }
+
+This diagnostic is emitted only on Apple platforms where the safer
+``-decodeValueOfObjCType:at:size:`` alternative is available
+(iOS 11+, macOS 10.13+, tvOS 11+, watchOS 4.0+).
+
 .. _security-insecureAPI-getpw: security.insecureAPI.getpw (C)