================ @@ -218,7 +218,7 @@ void VLASizeChecker::reportTaintBug(const Expr *SizeE, ProgramStateRef State, SmallString<256> buf; llvm::raw_svector_ostream os(buf); os << "Declared variable-length array (VLA) "; - os << "has tainted size"; + os << "has a tainted (attacker controlled) size that can be 0 or negative"; ---------------- NagyDonat wrote:
```suggestion os << "has tainted (attacker controlled) size that can be 0 or negative"; ``` I feel that the indefinite article "sounds strange" in this message, because the size of an array is a specific unique value. Another alternative would be "The size of the variable-length array (VLA) is a tainted value that can be 0 or negative" or something similar. Of course the tests need to be updated if you change this message. https://github.com/llvm/llvm-project/pull/68140 _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
