[clang-tools-extra] [clang-tidy] New bugprone-unsafe-format-string check (PR #168691)
via cfe-commits
cfe-commits at lists.llvm.org
Wed Nov 19 08:03:18 PST 2025
================
@@ -0,0 +1,73 @@
+.. title:: clang-tidy - bugprone-unsafe-format-string
+
+bugprone-unsafe-format-string
+==============================
+
+Detects usage of vulnerable format string functions with unbounded ``%s``
+specifiers that can cause buffer overflows.
+
+The check identifies calls to format string functions like ``sprintf``, ``scanf``,
+and their variants that use ``%s`` format specifiers without proper limits.
+This can lead to buffer overflow vulnerabilities when the input string is longer
+than the destination buffer.
+
+Format Specifier Behavior
+--------------------------
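Review bot: the description in the new .rst treats ``sprintf`` and ``scanf`` as one case ("``%s`` format specifiers without proper limits"), but the hazard and the fix differ for the two families, and the text never says what a "proper limit" is. On the ``sprintf`` side an unbounded ``%s`` overflows the destination when the argument is longer than the buffer, and the limit is a precision (``%.31s``) or a sized destination via ``snprintf``; on the ``scanf`` side ``%s`` without a field width reads arbitrarily long input into the buffer, and the limit is a field width (``%31s``), with the precision form not applying at all. Suggest stating both forms explicitly in the paragraph, saying whether ``snprintf`` with a correctly sized destination is treated as safe by the check, and following the "Format Specifier Behavior" heading with a flagged call beside the accepted rewrite, as the other clang-tidy check docs do. Minor: the section underline after the heading is one character longer than the heading text.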
----------------
EugeneZelenko wrote:
```suggestion
Format Specifier Behavior
-------------------------
```
https://github.com/llvm/llvm-project/pull/168691