aaron.ballman added a comment.

The trouble with this diagnostic is that it throws the baby out with the bathwater. It is possible to securely use `%n`, so we can't have this warning be on by default because it will have too high of a false positive rate. However, we typically don't introduce new warning flags that are off by default because experience has shown that users typically do not enable those.

Can we reduce the diagnostic's scope to only the problematic uses of `%n` instead of all uses? If all uses is the desired diagnostic, have you considered adding it to the `bugprone` module in clang-tidy instead?

Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D110436/new/

https://reviews.llvm.org/D110436

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits