From 18fa3025f243841cad2442da7d042100efdc6e07 Mon Sep 17 00:00:00 2001 From: KaraZajac Date: Sat, 23 May 2026 20:58:03 -0400 Subject: [PATCH] ci: silence Annex K noise from clang-tidy MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The first clang-tidy run on v0.7.0 reported 193 warnings, all from one check: clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling. That check flags snprintf, fprintf, memset, strncpy etc. and recommends the C11 Annex K _s variants (snprintf_s, memset_s, ...). Annex K is fundamentally not portable — glibc, musl, and MSVC all either don't implement it or implement it incompletely. snprintf is already bounds-checked via its size argument; this check is noise rather than signal in any real C codebase. Also pre-emptively disabling bugprone-easily-swappable-parameters which fires on every small utility function taking 2+ same-typed params (e.g. skeletonkey_host_kernel_at_least(host, major, minor, patch)). Everything else stays on. The next CI run will show whatever real findings hid under the noise. --- .clang-tidy | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 .clang-tidy diff --git a/.clang-tidy b/.clang-tidy new file mode 100644 index 0000000..4125815 --- /dev/null +++ b/.clang-tidy 
@@ -0,0 +1,24 @@ +# clang-tidy configuration for SKELETONKEY core/. +# +# Defaults are mostly fine. Two checks intentionally disabled: +# +# clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling +# This check flags snprintf, fprintf, memset, strncpy, etc. as +# "insecure" and recommends the C11 Annex K _s variants +# (snprintf_s, memset_s, ...). Annex K is fundamentally not +# portable — glibc, musl, and MSVC all either don't implement +# it or implement it incompletely. snprintf is already bounds- +# checked; this is noise rather than signal in real C code. +# The Linux kernel uses these functions everywhere; so does +# every C project. Disabling. +# +# bugprone-easily-swappable-parameters +# Flags every function taking 2+ same-typed parameters. False- +# positive heavy on small utility functions like +# skeletonkey_host_kernel_at_least(host, major, minor, patch) +# where the parameter order is documented and obvious. Not +# worth the noise. + +Checks: > + -clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling, + -bugprone-easily-swappable-parameters
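Review bot: The rationale in the comment block for disabling clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling rests on "snprintf is already bounds-checked", but the same comment lists strncpy and memset among the flagged functions, and that argument does not carry over to strncpy, which leaves the destination unterminated when the source is at least as long as the size argument. Suggest the comment state that turning this check off also drops the analyzer's flagging of strncpy call sites, and that those call sites need to be reviewed for explicit termination by other means. Separately, the `Checks:` value contains only exclusions, so the set of checks that is actually enabled is decided outside this file; if the intent is "defaults minus two", consider naming the enabled groups here so the two exclusions apply against a known baseline.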