================ @@ -12383,6 +12383,13 @@ def warn_unsafe_buffer_operation : Warning< "%select{unsafe pointer operation|unsafe pointer arithmetic|" "unsafe buffer access|function introduces unsafe buffer manipulation|unsafe invocation of span::data}0">, InGroup<UnsafeBufferUsage>, DefaultIgnore; +def warn_unsafe_buffer_libc_call : Warning< + "function %0 introduces unsafe buffer access">, + InGroup<UnsafeBufferUsage>, DefaultIgnore; +def note_unsafe_buffer_printf_call : Note< + "%select{| change to 'snprintf' for explicit bounds checking | buffer pointer and size may not match" + "| use 'std::string::c_str' or string literal as string pointer to guarantee null-termination" ---------------- ziqingluo-90 wrote:
> Have we tried getting data from a real project?

Yes! Basically these special handlings are all corresponding to actual cases in our downstream projects.

> I think for this warning in particular, it's valuable to point the user to the
> specific %s argument. To, at least, make sure that they know we don't mean the
> snprintf's target string or something.

I will let the notes point to specific argument source locations. For better note messages, we could do it in a follow-up patch?

https://github.com/llvm/llvm-project/pull/101583
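
Review bot: In `note_unsafe_buffer_printf_call`, every non-empty `%select` alternative begins with a space after the `|` (and the 'snprintf' one also ends with a space), and the select opens the note string, so the emitted note would start with stray whitespace. Suggest dropping the padding, e.g. `%select{|change to 'snprintf' for explicit bounds checking|buffer pointer and size may not match`. The null-termination alternative also does not name which argument it is about; attaching the note to the offending argument's source location, as proposed in the reply, would make clear it does not refer to the snprintf destination buffer. The empty first alternative deserves a short comment in the .td file saying when the note is meant to carry no text.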