[PATCH] D110436: Add %n format specifier warning
Aaron Ballman via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Tue Oct 5 12:01:57 PDT 2021
aaron.ballman added a comment.
The trouble with this diagnostic is that it throws the baby out with the bathwater. It is possible to securely use `%n`, so we can't have this warning be on by default because it will have too high of a false positive rate. However, we typically don't introduce new warning flags that are off by default because experience has shown that users typically do not enable those.
Can we reduce the diagnostic's scope to only the problematic uses of `%n` instead of all uses? If all uses is the desired diagnostic, have you considered adding it to the `bugprone` module in clang-tidy instead?
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D110436/new/
https://reviews.llvm.org/D110436
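
Added example, not part of the review comment or of the patch under review: a `%n` use that a warn-on-every-`%n` diagnostic would flag although the format is a string literal and the target is a local `int`, followed by a runtime guard that rejects `%n` in a format string that is not a literal. Treating the non-literal format as the problematic case is an assumption made here, and `value_column` and `format_has_n` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Safe use: the format is a compile-time literal and %n stores into an int
 * this function owns. Returns the column where value starts in "key: value",
 * or -1 on an encoding error or truncation. */
int value_column(char *out, size_t outsz, const char *key, const char *value)
{
    int col = -1;
    int n = snprintf(out, outsz, "%s: %n%s", key, &col, value);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return col;
}

/* Guard for formats that are NOT literals (config files, message catalogs):
 * returns 1 if fmt contains a %n conversion, including forms such as %hhn
 * or %1$n, and 0 otherwise. "%%" is a literal percent sign. */
int format_has_n(const char *fmt)
{
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;
        /* Skip flags, width, precision, positional "n$", length modifiers. */
        p += strspn(p, "-+ #0123456789.*$'hljztLq");
        if (*p == 'n')
            return 1;
        if (*p == '\0')
            return 0; /* dangling '%' at end of string */
    }
    return 0;
}

int main(void)
{
    char line[64];
    const char *loaded = "%s logged in%n"; /* constructed sample of a loaded format */

    printf("value starts at column %d\n",
           value_column(line, sizeof line, "user", "alice"));
    printf("loaded format %s\n",
           format_has_n(loaded) ? "rejected: contains %n" : "accepted");
    return 0;
}
```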