[clang-tools-extra] Add bugprone-undefined-sprintf-overlap (PR #114244)

Julian Schmidt via cfe-commits cfe-commits at lists.llvm.org
Sat Nov 9 16:09:15 PST 2024


https://github.com/5chmidti requested changes to this pull request.

There are some false-negatives that exist for this check:

E.g.,

```c++
  #include <cstdio>

  // from tests: destination and the %s argument are the same buffer
  char bufss[10][10][10];
  sprintf(bufss[0][1], "%s", bufss[0][1]);
```

or `*( *(bufss + 0) + 1)`. Though these can border on requiring, e.g., symbolic execution due to the potential complexity, and there is IMO no need to support expressions that are arbitrarily complex, two levels of pointer indirection sounds like a solid basis to me. (The note on complexity also applies to the other points.)

Also, `obj.bufs[1]`.

The check is also only considering subscript operators that are using integer literals as offsets, and not expressions that evaluate to a constant at compile time (`1+1`), or plain variables. If the expression inside `[]` has no side effects, they will be the same and the access is overlapping: `sprintf(bufs[n], "%s", bufs[n])`.

WDYT? It would be nice to have some of those cases detectable.

https://github.com/llvm/llvm-project/pull/114244
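The four overlap shapes listed in the review, collected in one file beside the non-overlapping rewrite a fix would use. This is an added example, not code from the PR or from clang-tools-extra; `Holder`, `overlapping_shapes` and `format_in_place` are names chosen here for illustration.

```cpp
#include <cstdio>
#include <cstring>
#include <string>

// Constructed type so that the member-array shape (`obj.bufs[1]`) can be written.
struct Holder {
    char bufs[4][32];
};

// The shapes the review says the check currently misses. Each call passes the
// same storage as the destination and as the %s argument, which C and C++
// leave undefined (sprintf's arguments must not overlap the destination).
// The function exists only to show the syntactic shapes; it is never called.
[[maybe_unused]] static void overlapping_shapes(char bufss[10][10][10], Holder& obj, int n) {
    std::sprintf(bufss[0][1], "%s", bufss[0][1]);                    // two subscripts
    std::sprintf(*(*(bufss + 0) + 1), "%s", *(*(bufss + 0) + 1));    // same access via pointer arithmetic
    std::sprintf(obj.bufs[1], "%s", obj.bufs[1]);                    // member array
    std::sprintf(obj.bufs[n], "%s", obj.bufs[n]);                    // variable subscript, no side effects
}

// Non-overlapping rewrite: snapshot the buffer first so the source the
// format reads from and the destination it writes to are distinct objects,
// and bound the write with snprintf. Returns the resulting buffer contents.
static std::string format_in_place(char* buf, std::size_t cap, const char* prefix) {
    std::string copy(buf);                                   // old contents, separate storage
    std::snprintf(buf, cap, "%s%s", prefix, copy.c_str());   // reads from copy, writes to buf
    return std::string(buf);
}

int main() {
    char b[32] = "world";
    std::printf("%s\n", format_in_place(b, sizeof b, "hello ").c_str());
    return 0;
}
```

The snapshot-then-format pattern is the general fix for every shape above, since it removes the aliasing regardless of how the destination expression is spelled.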

