<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/116570>116570</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            [libc++][format][hardening] Consider verifying character arrays being null-terminated
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            libc++,
            hardening,
            format
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          frederick-vs-ja
      </td>
    </tr>
</table>

<pre>
    [[format.arg]/6.9](https://eel.is/c++draft/format.arg#6.9) states:

> otherwise, if `decay_t<TD>` is `char_type*` or `const char_type*`, initializes value with `static_cast<const char_type*>(v)`;

And there're _Preconditions_ specified in [[format.arg]/5](https://eel.is/c++draft/format.arg#5):
> _Preconditions_: If `decay_t<T>` is `char_type*` or `const char_type*`, `static_cast<const char_type*>(v)` points to a NTCTS ([defns.ntcts]).

When `TD` is a character array type (of known bound), it should be possible to verify that the sequence is null-terminated.

Discovered when handling #115935. This should be done after the handling of character arrays gets fixed.
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJyklEGv4jYQxz-NcxkRxTaB5JDDgzykXqpKReoROfEkmV1jU9uB0k9fOY--Zele2l7AGWfm__dvPFEh0GgRG1buWNlmao6T883gUaOn_uvqGlZfVNY5ff94ZTc4f1YxV35kZcvEYZPXy6KaYrwEJt-YODBxQDQ5BSYOPRM7JnbaqyEycXhKFzLlihpCVBGX1KJlxd-_8h1cnNDfKCATe6AB2KbQ2Kv7KTK5P7ZMvrNNARTSRj8pf4r3CzLxlqLOL1FnQ4SXvaWapUjK0J8Y4KrMjHCjOKWU5Ib6U69CUvlBAfnORHVlok6l5O7Z9JvVkDwjE1uPcPrFY--spkjOhhOEC_Y0EGogCz_GWf5nmGVyJJ_ovagz-QY_vTL8Pwj_LSu4OLIxQHSg4Ofj_vgrMFGxcqdxsCG3sY9hOX2dPzP9bUKbtI7tw6laJFQf0YPyXt0hqaVaboCv1t0sdG62OqmmTkcIk5uNhg7h4kKgzmAycUVPwx3ipGJqGgT8fUbbY9KwszGriP5MVkXU3xlqKfTuih413JK3SVltyI7AhOS8rGWZw3Gi8CSrnUVQQ3KclD4z3PB6lgAjxgAD_YE6z3QjdS1rlWHDt5JXdVnLIpua7TAMFS-rzWarBi04F2u9XsttpaoS9YZn1IhCrDnnVSG44EWOiFJUOGy2fN2j5mxd4FmRyY25nnPnx4xCmLHhfFNui8yoDk1YRl4IQ93j4jEhmNgzISblNVqy42fk4y6mx7LNfJPKrrp5DGxdGAoxfBOKFM3ywXmqW7afs_Cx_iZQtrB3NpBG_2hZIvcPbB2m8Evfstmb5vtZGilOc5f37szEIXl6_K0u3n3BPo3VQiKN2wPGtRF_BQAA__93p51t">