[clang-tools-extra] Add bugprone-undefined-sprintf-overlap (PR #114244)
Julian Schmidt via cfe-commits
cfe-commits at lists.llvm.org
Sat Nov 9 16:39:19 PST 2024
================
@@ -0,0 +1,82 @@
+//===--- UndefinedSprintfOverlapCheck.cpp - clang-tidy --------------------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+#include "UndefinedSprintfOverlapCheck.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+#include "clang/Lex/Lexer.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang::tidy::bugprone {
+
+AST_MATCHER_P(IntegerLiteral, hasSameValueAs, std::string, ID) {
+ return Builder->removeBindings(
+ [this, &Node](const ast_matchers::internal::BoundNodesMap &Nodes) {
+ const DynTypedNode &BN = Nodes.getNode(ID);
+ if (const auto *Lit = BN.get<IntegerLiteral>()) {
+ return Lit->getValue() != Node.getValue();
+ }
+ return true;
+ });
+}
+
+UndefinedSprintfOverlapCheck::UndefinedSprintfOverlapCheck(
+ StringRef Name, ClangTidyContext *Context)
+ : ClangTidyCheck(Name, Context),
+ SprintfRegex(Options.get("SprintfFunction", "(::std)?::(sn?printf)")) {}
+
+void UndefinedSprintfOverlapCheck::registerMatchers(MatchFinder *Finder) {
+ auto FirstArg = declRefExpr(to(varDecl().bind("firstArgDecl")));
+ auto OtherRefToArg = declRefExpr(to(varDecl(equalsBoundNode("firstArgDecl"))))
+ .bind("overlappingArg");
+ Finder->addMatcher(
+ callExpr(
+ callee(functionDecl(matchesName(SprintfRegex)).bind("decl")),
+ allOf(hasArgument(
+ 0, expr(anyOf(FirstArg,
+ arraySubscriptExpr(
+ hasBase(FirstArg),
+ hasIndex(integerLiteral().bind("index"))),
+ memberExpr(member(decl().bind("member")),
+ hasObjectExpression(FirstArg))))
+ .bind("firstArgExpr")),
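Review bot: In `hasSameValueAs`, the predicate `Lit->getValue() != Node.getValue()` compares two `APInt` values directly, and `APInt` equality asserts that both operands have the same bit width. Two index literals of different types (for example `0` and `0L`) would trip that assertion in an assertions-enabled build. Consider `!llvm::APInt::isSameValue(Lit->getValue(), Node.getValue())`, which extends both values to a common width before comparing. Separately, the default `SprintfFunction` pattern `(::std)?::(sn?printf)` is unanchored and `matchesName` matches any substring of the qualified name, so functions in other namespaces or with a longer name that merely contains `::sprintf` would also be matched. Anchoring the default with `^` and `$` would keep the check to the intended functions.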
----------------
5chmidti wrote:
Together with `Expr::hasSideEffects`, this could work and detect more cases.
Not overlapping due to side-effect (this isn't good of course: `clang-diagnostic-unsequenced`)
```c++
#include <cstdio>

void foo(char **buf) {
  int i = 0;
  // Both ++i are unsequenced relative to each other.
  sprintf(buf[++i], "%s", buf[++i]);
}
```
One issue is that `Expr::hasSideEffects` is relatively simple and would ignore things like `std::vector<T>::operator[]`, because it is not marked with the `const` or `pure` attributes.
https://github.com/llvm/llvm-project/pull/114244