[cfe-dev] [RFC] Adding warnings against usage of %n
Jayson Yan via cfe-dev
cfe-dev at lists.llvm.org
Tue Sep 21 07:34:41 PDT 2021
Hello everyone,
We’re interested in warning against the usage of the “%n” format string
specifier to discourage developers from using this potentially unsafe
format specifier.

We were thinking of enabling this as a warning under the -Wformat-security
flag, but are open to alternatives. Some ideas were:

- Placing this check under its own flag (something along the lines of
  “-Wformat-n”) and possibly enabling it with -Wformat or -Wformat-security
- Adding a check to clang-tidy
- Setting the default configuration based on the target triple (target
  runtimes may disallow %n altogether and we could detect this based on the
  target triple)

Interested in any thoughts on:

- How should we enable this? (e.g. flags, clang-tidy, etc.)
- Should we surface this as an error or a warning?
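For readers who want to see what such a check has to do, below is an added example (my own illustration, not clang's or clang-tidy's implementation) of the core logic: a scanner that walks a printf-style format string literal and reports the first conversion that uses %n, correctly skipping "%%", positional "n$" prefixes, flags, width, precision and length modifiers. The function name first_n_conversion is an assumption for this example.

```c
#include <stdio.h>
#include <string.h>

/* Return the 1-based index of the first conversion that uses %n, or 0 if
 * there is none. %n stores the number of bytes written so far through an
 * int* argument, i.e. it turns a format string into a memory write, which
 * is why a warning on its use is being proposed. "%%" is a literal percent
 * and is never reported; "%5.2ln", "%hhn" and "%1$n" are reported. */
int first_n_conversion(const char *fmt) {
    int conv = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;                 /* "%%": literal percent */
        conv++;
        const char *q = p;                       /* optional positional "n$" */
        while (*q >= '0' && *q <= '9') q++;
        if (q != p && *q == '$') p = q + 1;
        while (*p && strchr("-+ #0'", *p)) p++;  /* flags */
        while ((*p >= '0' && *p <= '9') || *p == '*') p++;   /* width */
        if (*p == '.') {                         /* precision */
            p++;
            while ((*p >= '0' && *p <= '9') || *p == '*') p++;
        }
        while (*p && strchr("hlLqjzt", *p)) p++; /* length modifiers */
        if (*p == 'n') return conv;
        if (!*p) break;                          /* truncated conversion */
    }
    return 0;
}

int main(void) {
    /* Constructed sample format strings for demonstration. */
    const char *samples[] = { "%d items\n", "100%% done\n", "%s%hhn",
                              "%2$d %1$n", "%5.2ln" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        int idx = first_n_conversion(samples[i]);
        if (idx)
            printf("warning: %%n used in conversion %d of \"%s\"\n", idx, samples[i]);
        else
            printf("ok: \"%s\"\n", samples[i]);
    }
    return 0;
}
```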