CPP: Update the qhelp.

Author: geoffw0

cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.qhelp

@@ -5,13 +5,15 @@
 <overview>
 <p>This rule finds calls to functions that are dangerous to
 use. Currently, it checks for calls
-to <code>gets</code> and <code>gmtime</code>. See <strong>Related rules</strong>
-below for rules that identify other dangerous functions.</p>
+to <code>gets</code>, <code>gmtime</code>, <code>localtime</code>,
+<code>ctime</code> and <code>asctime</code>. See <strong>Related
+rules</strong> below for rules that identify other dangerous functions.</p>
 
 <p>The <code>gets</code> function is one of the vulnerabilities exploited by the Internet Worm of 1988, one of the first computer worms to spread through the Internet.  The <code>gets</code> function provides no way to limit the amount of data that is read and stored, so without prior knowledge of the input it is impossible to use it safely with any size of buffer.</p>
 
-<p>The <code>gmtime</code> function fills data into a <code>tm</code>
-struct in shared memory and then returns a pointer to that struct. If
+<p>The time related functions such as <code>gmtime</code>
+fill data into a <code>tm</code> struct or <code>char</code> array in
+shared memory and then returns a pointer to that memory. If
 the function is called from multiple places in the same program, and
 especially if it is called from multiple threads in the same program,
 then the calls will overwrite each other's data.</p>
@@ -26,6 +28,11 @@ With <code>gmtime_r</code>, the application code manages allocation of
 the <code>tm</code> struct. That way, separate calls to the function
 can use their own storage.</p>
 
+<p>Similarly replace calls to <code>localtime</code> with
+<code>localtime_r</code>, calls to <code>ctime</code> with
+<code>ctime_r</code> and calls to <code>asctime</code> with
+<code>asctime_r</code>.</p>
+
 </recommendation>
 <example>
 <p>The following example checks the local time in two ways:</p>