[PATCH] D112913: Misleading bidirectional detection
serge via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Tue Jan 11 09:23:49 PST 2022
serge-sans-paille added a comment.
In D112913#3233699 <https://reviews.llvm.org/D112913#3233699>, @upsuper wrote:
> I'd like to clarify that what I think is correct now is the algorithm to detect unclosed explicit formatting scopes in a given string.
Thanks for confirming. This check only detects unterminated bidi sequence within comments and string literals. Its scope limits to that aspect.
> I haven't been following very closely with the whole spoofing issue, so I can't say that there is no other ways to construct a spoof that this algorithm is not designed to detect.
Agreed. FYI we already have a check for RTL characters ending identfiers, and a pending one for confusable identifiers
> As you have found, `RLM`, and `ALM` can be used to confuse code reader, but they are not much different than a string with other strong RTL characters inside, and I don't quite see how that can be linted without hurting potentially legitimate code. Maybe if the compiler supports treating `LRM` as whitespace (I'm not sure whether Clang does), a lint may be added to ask wrapping any string with outermost strong characters being RTL in the form of `{LRM}"string"{LRM}` so that the RTL characters don't affect outside. Other than that, I don't think there is anyway to lint against such a confusion.
I agree that allowing `LRM` is a good step forward, and that's part of the official recommendation, but orthogonal to that review.
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D112913/new/
https://reviews.llvm.org/D112913
More information about the cfe-commits
mailing list