[cfe-dev] [RFC] Adding warnings against usage of %n
David Blaikie via cfe-dev
cfe-dev at lists.llvm.org
Sun Nov 7 07:56:50 PST 2021
+Richard Trieu <rtrieu at google.com> for diagnostic perspectives
On Sun, Nov 7, 2021 at 7:26 AM Jayson Yan via cfe-dev <
cfe-dev at lists.llvm.org> wrote:
> Hello everyone,
>
> We’re interested in warning against the usage of the “%n” format string
> specifier to discourage developers from using this potentially unsafe
> format specifier.
>
> We were thinking of enabling this as a warning under the -Wformat-security
> flag but are open to alternatives, some ideas were:
>
> - Placing this check under its own flag (something along the lines of
>   “-Wformat-n”) and possibly enabling it with -Wformat or -Wformat-security
> - Adding a check to clang-tidy
> - Setting the default configuration based on the target triple (target
>   runtimes may disallow %n altogether and we could detect this based on the
>   target triple)
>
> Interested in any thoughts on:
>
> - How should we enable this? (e.g. flags, clang-tidy, etc.)
> - Should we surface this as an error or a warning?
>
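
The check discussed in this thread comes down to finding `%n` conversions in literal format strings. The following C example is added here for illustration and is not part of the thread or of Clang's code; the helper name `count_percent_n` and the sample strings are assumptions constructed for the example. It handles `%%`, flags, width, precision, POSIX positional arguments and length modifiers such as `%hhn`.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Clang's code: count the %n conversions in a
 * printf-style format string so a caller can warn on any non-zero result. */
int count_percent_n(const char *fmt)
{
    int hits = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')                        /* "%%" prints a literal '%' */
            continue;
        /* Skip flags, width, precision and POSIX positional "N$" markers. */
        p += strspn(p, "-+ #0'123456789$*.");
        /* Skip length modifiers, so %hhn, %ln, %lln, %zn are also seen. */
        p += strspn(p, "hljztLq");
        if (*p == '\0')                       /* truncated directive */
            break;
        if (*p == 'n')
            hits++;
    }
    return hits;
}

int main(void)
{
    /* Constructed sample format strings, not taken from any real code base. */
    const char *samples[] = {
        "%d items%n", "100%% done, %s\n", "%%n", "%1$s %2$hhn",
        "%-08.3lln%n", "trailing %",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = count_percent_n(samples[i]);
        printf("%-22s -> %s (%d)\n", samples[i], n ? "warn: %n used" : "ok", n);
    }
    return 0;
}
```

A scan like this only sees format strings that are literals at the call site; a format string built at run time is invisible to it.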