Hi,
I’ve been working on a patch that adds a new attribute (warn_impcast_to_bool) to indicate that the return value of a function shouldn’t be used as a boolean, as well as a compile warning and a StaticAnalyzer checker to warn about misusing functions with this attribute. This change is inspired by CVE-2008-5077 in OpenSSL (https://www.openssl.org/news/secadv/20090107.txt).
Anna Zaks suggested that I should also propose it on cfe-dev as well as cfe-commits. The patch is available at https://reviews.llvm.org/D24507; any additional feedback welcome.
Regards, Anton Urusov