<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/131936>131936</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
[clang-tidy] Check request: bugprone-avoid-invalid-format-string
</td>
</tr>
<tr>
<th>Labels</th>
<td>
clang-tidy
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
denzor200
</td>
</tr>
</table>
<pre>
Needs a check that will find incorrect format strings and point them out. This check will not provide fix-it hints.
```
int number = 42;
printf("Value: %s\n", number); // BAD - expected string but an integer was passed
printf("Numbers: %d, %d\n", 42); // BAD - wrong number of arguments
printf("String: %.*s\n", "Hello world"); // BAD - %.*s requires two arguments
const char* user_input = get_user_input();
printf(user_input); // BAD - format string vulnerability
printf("Numbers: %d, %d\n", 100, 200); // OK
constexpr const char* no_user_input = get_format();
printf(no_user_input); // OK
```
</pre>
<img width="1" height="1" alt="" src="http://email.email.llvm.org/o/eJyUlEGPqzYQxz-NuYyIzBCScODAbhRVqvR6aNXryuAB3Do2tYdkt5--grDdZN-20ossjeRo5jf__4xRMZreEVWieBLFMVETDz5UmtzfPqCUSeP1WyVk_Y1IR1DQDtT-CTwohquxFjrjNBjX-hCoZeh8OCuGyMG4PoJyGkZvHAMPdAY_8QZ-G0xcyywVnGcYg78YTdCZ19QwDMZx3AhZz2cn1yPruZCbzg0FEPkRtijyJyHrMRjHncCDQPxd2YlEXoPAIori2QlEgc9rmsBS5E9w_xN4EniCp_oIKdDrSC2TXgVAMzEoB8Yx9RTgqiKMKkbSn6jflupx5eoZuMQP_ha_Yz-Qr8G7_l2c70CFfjqT4_iJ9OvS2AraCKzvRQrEn8haD1cfrF4uV-YD6z0TAv01mUAR-OofiK13kaEdVBBYwxQpvBg3TrzY3hO_fFwtbZWfBnH_93eO_5cFD7sDl8k6Cqox1vDbD9udSTkHnMO_Day0X35-V0ivY4BHrc6_fCH31tqXUh8S_kftPfx-pxNd5brMS5VQle23mG9lVu6ToSq77FAeCq3yre7yTGFDbZkdUBUH2arDPjEVSixknh0wxzzbb-SOip3e7Ul2qjm0jdhKOitjN9Zezhsf-sTEOFGV5VmZ7xKrGrJxefmIrVWuT9not9nB4piEas5Km6mPYiutiRw_6rBhu3wz7tKKIzwvr3reKoo8T6eZ-jF4R6m6eKNT4y7KGp3e7Exvk06mYKuBeZzneXOpNzxMzab1Z4GnGbqGdAz-D2pZ4GlREgWeVjGXCv8JAAD__6qYcao">