From d33464fc65466fb4aa2664b3506b8e5ae9f02431 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Wed, 10 Jun 2026 11:33:04 +0200
Subject: [PATCH] Disable DeprecatedOrUnsafeBufferHandling analyzer check

When compiling with C11 or later, this check suggests to use C11 Annex K
functions like memcpy_s. These functions aren't widely supported.

We will lose some warnings about really dangerous functions like
sprintf, but this check doesn't offer more granularity, see
https://github.com/llvm/llvm-project/issues/64027.
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 6b390dcca..29f047184 100644
--- a/Makefile
+++ b/Makefile
@@ -107,7 +107,7 @@ lint: $(BUILDDIR)
 	for f in `ls src/*.[ch] | grep -v "scanners.c"` ; do \
 	  echo $$f ; \
 	  clang-tidy \
-	    -checks='clang-analyzer-*' \
+	    -checks='clang-analyzer-*,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling' \
 	    -header-filter='^build/.*' \
 	    -p=build \
 	    -warnings-as-errors='*' \