[cfe-dev] static or dynamic code analysis for undefined behavior in sprintf

Arnaud Bienner via cfe-dev cfe-dev at lists.llvm.org
Tue Jan 25 14:57:35 PST 2022


Hi,

Today I came across the exact same bug as described in this SO post:
https://stackoverflow.com/questions/1283354/is-sprintfbuffer-s-buffer-safe
sprintf(buffer, "%s", buffer) has undefined behavior. And as it turns out,
this code fails on the new platform where I'm porting this legacy code,
while it was working on the old platform.

Unless I missed something, it looks like there is no clang-tidy check, nor
anything implemented for UB sanitizer.
Is there any reason for this? Did someone try to work on this in the past?

If not, but if you think this could be of interest, I can try to write a
patch for this.
What do you think would be the best place to have such a check?
I feel like UB sanitizer would catch more errors than the static analyzer,
which will have a hard time catching more complex cases, e.g. when two
variables point to the same address.
Still, it might be useful to have basic checks for clang-tidy to catch
obvious cases.

Kind regards,
Arnaud
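As an added illustration of the pattern under discussion (example code written for this page, not part of the original message or of any clang/LLVM component): the overlapping-argument call, the runtime overlap check a sanitizer-style instrumentation would need, and the two UB-free rewrites a port usually wants. The helper names checked_sprintf_s, append_in_place, prepend_in_place and self_check are hypothetical.

```c
/* Added example, not from the post.  sprintf(buf, "%s", buf) is
   undefined because the source and destination objects overlap
   (C17 7.21.6.6); these helpers detect or avoid that. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Do [a, a+alen) and [b, b+blen) overlap?  Comparing integers derived
   from unrelated pointers is implementation-defined, which is acceptable
   for a diagnostic; it is what a runtime checker would do. */
static int ranges_overlap(const void *a, size_t alen,
                          const void *b, size_t blen)
{
    uintptr_t a0 = (uintptr_t)a, a1 = a0 + alen;
    uintptr_t b0 = (uintptr_t)b, b1 = b0 + blen;
    return a0 < b1 && b0 < a1;
}

/* Hypothetical checked replacement for sprintf(dst, "%s", src):
   refuse (return -1) when the copy would be UB instead of producing
   whatever the new platform's libc happens to produce. */
int checked_sprintf_s(char *dst, size_t dst_size, const char *src)
{
    size_t src_bytes = strlen(src) + 1;         /* include the NUL */
    if (ranges_overlap(dst, dst_size, src, src_bytes))
        return -1;                              /* overlapping: UB */
    return snprintf(dst, dst_size, "%s", src);
}

/* Length of the string in buf, or (size_t)-1 if it is not terminated. */
static size_t bounded_len(const char *buf, size_t size)
{
    const char *nul = memchr(buf, '\0', size);
    return nul ? (size_t)(nul - buf) : (size_t)-1;
}

/* What legacy sprintf(buf, "%s%s", buf, s) usually means: append s.
   Writing only into the unused tail keeps source and destination
   disjoint.  Returns the new length, or -1 if it would not fit. */
int append_in_place(char *buf, size_t size, const char *suffix)
{
    size_t len = bounded_len(buf, size);
    if (len == (size_t)-1) return -1;
    int n = snprintf(buf + len, size - len, "%s", suffix);
    if (n < 0 || (size_t)n >= size - len) return -1;   /* truncated */
    return (int)(len + (size_t)n);
}

/* The other shape, sprintf(buf, "%s%s", prefix, buf): memmove is
   defined for overlapping ranges, so shift first, then copy the prefix
   into the now-disjoint head.  Returns the new length, or -1. */
int prepend_in_place(char *buf, size_t size, const char *prefix)
{
    size_t len = bounded_len(buf, size), plen = strlen(prefix);
    if (len == (size_t)-1 || len + plen + 1 > size) return -1;
    memmove(buf + plen, buf, len + 1);          /* moves the NUL too */
    memcpy(buf, prefix, plen);
    return (int)(len + plen);
}

static char scratch[32];                        /* constructed test input */

/* Runs the three helpers over scratch; returns 1 if all behave as
   documented, 0 otherwise. */
int self_check(void)
{
    strcpy(scratch, "world");
    if (checked_sprintf_s(scratch, sizeof scratch, scratch) != -1) return 0;
    if (prepend_in_place(scratch, sizeof scratch, "hello ") != 11) return 0;
    if (append_in_place(scratch, sizeof scratch, "!") != 12) return 0;
    return strcmp(scratch, "hello world!") == 0;
}

int main(void)
{
    printf("self_check: %d\n", self_check());
    printf("%s\n", scratch);
    return 0;
}
```

The overlap test mirrors what a sanitizer would have to instrument: the size of the destination object is only known at the call site (here passed explicitly), which is also why a clang-tidy check can flag the syntactic `sprintf(x, "...", x)` case but not two distinct pointers that alias at run time.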