From e9a3d033720a95a54d84f84a05c25d2a1f87806f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?=
Date: Fri, 13 Aug 2010 22:27:45 +0200
Subject: [PATCH] Dangerous functions: Improved error messages

---
 lib/checkdangerousfunctions.cpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/checkdangerousfunctions.cpp b/lib/checkdangerousfunctions.cpp
index e1f7d5447..790996611 100644
--- a/lib/checkdangerousfunctions.cpp
+++ b/lib/checkdangerousfunctions.cpp
@@ -62,10 +62,13 @@ void CheckDangerousFunctions::dangerousFunctionmktemp(const Token *tok)
 
 void CheckDangerousFunctions::dangerousFunctiongets(const Token *tok)
 {
- reportError(tok, Severity::style, "dangerousFunctiongets", "Found 'gets'. You should use 'fgets' instead");
+ reportError(tok, Severity::style, "dangerousFunctiongets", "Found 'gets'. You should use 'fgets' instead\n"
+ "Using gets can easily cause buffer overflows.");
 }
 
 void CheckDangerousFunctions::dangerousFunctionscanf(const Token *tok)
 {
- reportError(tok, Severity::style, "dangerousFunctionscanf", "Found 'scanf'. You should use 'fgets' instead");
+ reportError(tok, Severity::style, "dangerousFunctionscanf", "Found 'scanf'. You should use 'fgets' instead\n"
+ "If reading a string the 'scanf' can easily cause a buffer overflow if the data is too big.\n"
+ "If you want to convert the input to a number a wrong input may cause a crash.");
 }
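Review bot: The new verbose text in `dangerousFunctionscanf` blames 'scanf' as a whole, but the overflow it describes comes only from a string conversion that has no field width, so the reader cannot tell a bounded call from an unbounded one. Naming the condition would make the finding actionable, for example `"If reading a string without a field width limit, 'scanf' can overflow the buffer when the input is too long.\n"`. In `dangerousFunctiongets` the added line leaves gets unquoted and says only "can easily"; because gets takes no buffer size at all, `"'gets' cannot limit how much it reads, so any input longer than the buffer overflows it."` states the risk more precisely. Both reports remain at `Severity::style`, which looks low for an unbounded write; that may be deliberate for this check, so it is worth confirming rather than assuming.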