[clang-tools-extra] [clang-tidy] New bugprone-unsafe-format-string check (PR #168691)

via cfe-commits cfe-commits at lists.llvm.org
Wed Nov 19 02:52:58 PST 2025


github-actions[bot] wrote:


:warning: C/C++ code formatter, clang-format found issues in your code. :warning:

<details>
<summary>
You can test this locally with the following command:
</summary>

``````````bash
git-clang-format --diff origin/main HEAD --extensions cpp,h,c -- clang-tools-extra/clang-tidy/bugprone/UnsafeFormatStringCheck.cpp clang-tools-extra/clang-tidy/bugprone/UnsafeFormatStringCheck.h clang-tools-extra/test/clang-tidy/checkers/bugprone/Inputs/unsafe-format-string/system-header-simulator.h clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-format-string.c clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-format-string.cpp clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp --diff_from_common_commit
``````````

:warning:
The reproduction instructions above might return results for more than one PR
in a stack if you are using a stacked PR workflow. You can limit the results by
changing `origin/main` to the base branch/commit you want to compare against.
:warning:

</details>

<details>
<summary>
View the diff from clang-format here.
</summary>

``````````diff
diff --git a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
index 15e8a6c3a..940d13bf6 100644
--- a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
@@ -106,8 +106,8 @@
 #include "UnhandledSelfAssignmentCheck.h"
 #include "UnintendedCharOstreamOutputCheck.h"
 #include "UniquePtrArrayMismatchCheck.h"
-#include "UnsafeFunctionsCheck.h"
 #include "UnsafeFormatStringCheck.h"
+#include "UnsafeFunctionsCheck.h"
 #include "UnusedLocalNonTrivialVariableCheck.h"
 #include "UnusedRaiiCheck.h"
 #include "UnusedReturnValueCheck.h"
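Review bot: nothing to change here beyond taking the formatter's output; the swap of the two includes is a pure alphabetical sort (`UnsafeFormatStringCheck.h` sorts before `UnsafeFunctionsCheck.h`) with no effect on the module.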
diff --git a/clang-tools-extra/clang-tidy/bugprone/UnsafeFormatStringCheck.cpp b/clang-tools-extra/clang-tidy/bugprone/UnsafeFormatStringCheck.cpp
index cd8f6b85e..48a05aa27 100644
--- a/clang-tools-extra/clang-tidy/bugprone/UnsafeFormatStringCheck.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/UnsafeFormatStringCheck.cpp
@@ -61,11 +61,15 @@ void UnsafeFormatStringCheck::check(const MatchFinder::MatchResult &Result) {
   if (!hasUnboundedStringSpecifier(FormatString, IsScanfFamily))
     return;
 
-  auto Diag = diag(Call->getBeginLoc(),
-                   IsScanfFamily
-                     ? "format specifier '%%s' without field width may cause buffer overflow; consider using '%%Ns' where N limits input length"
-                     : "format specifier '%%s' without precision may cause buffer overflow; consider using '%%.Ns' where N limits output length")
-              << Call->getSourceRange();
+  auto Diag =
+      diag(
+          Call->getBeginLoc(),
+          IsScanfFamily
+              ? "format specifier '%%s' without field width may cause buffer "
+                "overflow; consider using '%%Ns' where N limits input length"
+              : "format specifier '%%s' without precision may cause buffer "
+                "overflow; consider using '%%.Ns' where N limits output length")
+      << Call->getSourceRange();
 }
 
 bool UnsafeFormatStringCheck::hasUnboundedStringSpecifier(StringRef Fmt,
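Review bot: the wrapped form is text-identical to the original (the adjacent literals keep the trailing space after "buffer ", so the emitted diagnostic is unchanged), but the ternary inside the `diag()` argument is what forces this awkward shape; the diagnostic formatter's `%select{field width|precision}0` keyed on `IsScanfFamily` could express both variants in one string and drop the conditional. While the wording is being touched, the scanf hint "consider using '%%Ns'" could also say that the destination must hold N+1 bytes for the terminator, since that off-by-one is exactly the overflow the check is guarding against.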

``````````

</details>


https://github.com/llvm/llvm-project/pull/168691


More information about the cfe-commits mailing list