<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/73452>73452</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            [-Wunsafe-buffer-usage]: false negative on smart pointers
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          juanvazquez
      </td>
    </tr>
</table>

<pre>
C++ smart pointers (for example `std::unique_ptr`) have an `operator[]` that provides access to elements of an array managed by the smart pointer.

As far as I can tell, the `operator[]` for smart pointers cannot be hardened by the libc++ because the smart pointer doesn't store size information about the underlying array.

Hence it would be convenient to have these accesses flagged with `-Wunsafe-buffer-usage`. But that's not the case today.

Example:

```cpp
#include <memory>

void foo() {
  std::unique_ptr<char[]> ptr = std::make_unique<char[]>(16);
  ptr[0]; // -Wunsafe-buffer-usage does not warn about it
}

void bar() {
  char *arr = new char[5];
  arr[4]; // -Wunsafe-buffer-usage does warn about it
}

int main() {
  bar();
  foo();
  return 0;
}
```

Running `-Wunsafe-buffer-usage` on the example correctly warns about the function bar(), but doesn't emit any warning for the function foo():

```
/tmp/test.cc:10:3: warning: unsafe buffer access [-Wunsafe-buffer-usage]
   10 |   arr[4];
      | ^~~
/tmp/test.cc:10:3: note: pass -fsafe-buffer-usage-suggestions to receive code hardening suggestions
```

I think that accessing the elements via `std::unique_ptr::operator[]` emits a `CXXOperatorCallExpr` instead of an `ArraySubscriptExpr`, hence the `-Wunsafe-buffer-usage` analysis does not flag them.

I think it would be convenient to flag accesses to memory via smart pointers' `operator[]` that could be out of bounds. What do you think? Any feedback?
</pre>
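<pre>
Added example, not part of the original report and not libc++ or Clang code: a wrapper that stores the element count next to the `std::unique_ptr<T[]>` so that `operator[]` can be bounds-checked, which the bare smart pointer cannot do. The name `sized_array` and its interface are assumptions made for this illustration.

```cpp
#include <cstddef>
#include <memory>
#include <stdexcept>

// Hypothetical wrapper: owns the array like std::unique_ptr<T[]> but keeps
// the element count, so every subscript can be validated before use.
template <typename T>
class sized_array {
public:
  explicit sized_array(std::size_t n)
      : data_(std::make_unique<T[]>(n)), size_(n) {}

  std::size_t size() const { return size_; }

  T &operator[](std::size_t i) {
    if (i >= size_)
      throw std::out_of_range("sized_array: index out of range");
    return data_[i]; // only reached after the bounds check above
  }

  const T &operator[](std::size_t i) const {
    if (i >= size_)
      throw std::out_of_range("sized_array: index out of range");
    return data_[i];
  }

private:
  std::unique_ptr<T[]> data_; // declared first, initialized first
  std::size_t size_;
};

// Returns true when an in-bounds write and read round-trip.
bool in_bounds_access_ok() {
  sized_array<char> buf(16);
  buf[15] = 'x';
  return buf[15] == 'x' && buf.size() == 16;
}

// Returns true when an index one past the end is rejected instead of
// touching memory outside the allocation.
bool out_of_bounds_rejected() {
  sized_array<char> buf(16);
  try {
    (void)buf[16];
  } catch (const std::out_of_range &) {
    return true;
  }
  return false;
}

int main() { return in_bounds_access_ok() && out_of_bounds_rejected() ? 0 : 1; }
```
</pre>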