llvm
diff --git a/‎clang-tools-extra/docs/clang-tidy/checks/clang-analyzer/optin.osx.OSObjectCStyleCast.rst‎
Lines changed: 0 additions & 9 deletions b/‎clang-tools-extra/docs/clang-tidy/checks/clang-analyzer/optin.osx.OSObjectCStyleCast.rst‎
Lines changed: 0 additions & 9 deletions
diff --git a/‎clang-tools-extra/docs/clang-tidy/checks/clang-analyzer/osx.MIG.rst‎
Lines changed: 0 additions & 9 deletions b/‎clang-tools-extra/docs/clang-tidy/checks/clang-analyzer/osx.MIG.rst‎
Lines changed: 0 additions & 9 deletions
diff --git a/‎clang-tools-extra/docs/clang-tidy/checks/clang-analyzer/osx.OSObjectRetainCount.rst‎
Lines changed: 0 additions & 9 deletions b/‎clang-tools-extra/docs/clang-tidy/checks/clang-analyzer/osx.OSObjectRetainCount.rst‎
Lines changed: 0 additions & 9 deletions
diff --git a/‎clang-tools-extra/docs/clang-tidy/checks/clang-analyzer/security.PutenvStackArray.rst‎
Lines changed: 9 additions & 4 deletions b/‎clang-tools-extra/docs/clang-tidy/checks/clang-analyzer/security.PutenvStackArray.rst‎
Lines changed: 9 additions & 4 deletions
diff --git a/‎clang-tools-extra/docs/clang-tidy/checks/clang-analyzer/security.SetgidSetuidOrder.rst‎
Lines changed: 10 additions & 4 deletions b/‎clang-tools-extra/docs/clang-tidy/checks/clang-analyzer/security.SetgidSetuidOrder.rst‎
Lines changed: 10 additions & 4 deletions
@@ -3,8 +3,13 @@
 clang-analyzer-security.PutenvStackArray
 ========================================
 
-Finds calls to the function 'putenv' which pass a pointer to an automatic
-(stack-allocated) array as the argument.
+Finds calls to the putenv function which pass a pointer to a stack-allocated
+(automatic) array as the argument. Function putenv does not copy the passed
+string, only a pointer to the data is stored and this data can be read even by
+other threads. Content of a stack-allocated array is likely to be overwritten
+after exiting from the function.
 
-The clang-analyzer-security.PutenvStackArray check is an alias of
-Clang Static Analyzer security.PutenvStackArray.
+The `clang-analyzer-security.PutenvStackArray` check is an alias, please see
+`Clang Static Analyzer Available Checkers
+<https://clang.llvm.org/docs/analyzer/checkers.html#security-putenvstackarray-c>`_
+for more information.
@@ -3,8 +3,14 @@
 clang-analyzer-security.SetgidSetuidOrder
 =========================================
 
-Warn on possible reversed order of 'setgid(getgid()))' and 'setuid(getuid())'
-(CERT: POS36-C).
+The checker checks for sequences of ``setuid(getuid())`` and ``setgid(getgid())``
+calls (in this order). If such a sequence is found and there is no other
+privilege-changing function call (``seteuid``, ``setreuid``, ``setresuid`` and
+the GID versions of these) in between, a warning is generated. The checker finds
+only exactly ``setuid(getuid())`` calls (and the GID versions), not for example
+if the result of ``getuid()`` is stored in a variable.
 
-The clang-analyzer-security.SetgidSetuidOrder check is an alias of
-Clang Static Analyzer security.SetgidSetuidOrder.
+The `clang-analyzer-security.SetgidSetuidOrder` check is an alias, please see
+`Clang Static Analyzer Available Checkers
+<https://clang.llvm.org/docs/analyzer/checkers.html#security-setgidsetuidorder-c>`_
+for more information.