This is an archive of the discontinued LLVM Phabricator instance.

Differential D132294

[clang-tidy] Add check of sprintf with fixed size buffer
Needs ReviewPublic

Authored by Yoorkin on Aug 20 2022, 6:26 AM.

Details

Reviewers
alexfh
aaron.ballman
njames93
LegalizeAdulthood
Summary

Hi, I have added a clang-tidy check which proposed in this issue.
The check can finds sprintf usage like:

char buff[50];
sprintf(buff,"Hello, %s!\n","world");

And suggest counted version function instead:

warning: string to be written may exceeds the size of buffer; use snprintf instead [bugprone-sprintf-with-fixed-size-buffer]
  sprintf(buff,"Hello, %s!\n","world");
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  snprintf(buff, sizeof(buff), "Hello, %s!\n", "world")

Diff Detail

Event Timeline

Yoorkin created this revision.Aug 20 2022, 6:26 AM
Herald added a project: Restricted Project. · View Herald TranscriptAug 20 2022, 6:26 AM
Herald added subscribers: carlosgalvezp, xazax.hun, mgorny. · View Herald Transcript
Yoorkin requested review of this revision.Aug 20 2022, 6:26 AM
Herald added a subscriber: cfe-commits. · View Herald TranscriptAug 20 2022, 6:26 AM
Eugene.Zelenko added a subscriber: Eugene.Zelenko.Aug 20 2022, 6:34 AM
Eugene.Zelenko added inline comments.
clang-tools-extra/clang-tidy/bugprone/SprintfWithFixedSizeBufferCheck.cpp
14

Unnecessary newline.

35

const auto * could be used because type is spelled in same statement.

36

Ditto.

clang-tools-extra/clang-tidy/bugprone/SprintfWithFixedSizeBufferCheck.h
30

Please add isLanguageVersionSupported (C and C++).

clang-tools-extra/docs/ReleaseNotes.rst
105

Please use first statement in documentation.

clang-tools-extra/docs/clang-tidy/checks/bugprone/sprintf-with-fixed-size-buffer.rst
7

Please omit The check and use double back-ticks for sprintf (language construct).

8

Ditto for snprintf.

15

Please separate with newline.

22

Ditto.

40

Please fix.

Eugene.Zelenko edited reviewers, added: alexfh, aaron.ballman, njames93, LegalizeAdulthood; removed: Restricted Project.Aug 20 2022, 6:35 AM
Eugene.Zelenko set the repository for this revision to rG LLVM Github Monorepo.
Harbormaster completed remote builds in B182372: Diff 454202.Aug 20 2022, 6:46 AM
Yoorkin added inline comments.Aug 20 2022, 8:05 AM
clang-tools-extra/clang-tidy/bugprone/SprintfWithFixedSizeBufferCheck.h
30

can i just simply use

bool isLanguageVersionSupported(const LangOptions &LangOpts) const override {
  return LangOpts.C99 || LangOpts.CPlusPlus11;
}

I think the check should be supported after C99 and Cpp11 standards. But i don't know whether it return true when language version is c++20 or C11

Eugene.Zelenko added inline comments.Aug 20 2022, 8:16 AM
clang-tools-extra/clang-tidy/bugprone/SprintfWithFixedSizeBufferCheck.h
30

snprintf is part of standard C library, so it could be used in early C and C++ standards.

Yoorkin updated this revision to Diff 454226.Aug 20 2022, 9:10 AM
Yoorkin marked 10 inline comments as done.

I fixed them all

Eugene.Zelenko added inline comments.Aug 20 2022, 9:13 AM
clang-tools-extra/docs/clang-tidy/checks/bugprone/sprintf-with-fixed-size-buffer.rst
7

Should be Finds. Same in Release Notes.

Yoorkin updated this revision to Diff 454228.Aug 20 2022, 9:18 AM

I fixed it. Thanks

Harbormaster completed remote builds in B182392: Diff 454228.Aug 20 2022, 11:18 AM
njames93 added a comment.Aug 20 2022, 1:57 PM

Why are we only targeting sprintf, vsprintf would also suffer from the same pitfalls.
Is there any hard reason that this check always suggests snprintf instead of sprintf_s, maybe have that dynamically controlled with an option.

clang-tools-extra/clang-tidy/bugprone/SprintfWithFixedSizeBufferCheck.cpp
37

Prefer small little edits instead of one big replacement.
So create a fix it that turns sprintf into snprintf, then create a fix it that inserts , sizeof(Buff) after the first argument.

Yoorkin updated this revision to Diff 454722.Aug 23 2022, 12:48 AM

Now it can find usage of both sprintf and vsprintf, and then change a small piece of code. Here is an option PreferSafe, when value is true, the check prefers snprintf_s vsnprintf_s over snprintf vsnprintf.

Yoorkin updated this revision to Diff 454724.Aug 23 2022, 12:55 AM

I forgot to update comments in PrintfWithFixedSizeBufferCheck.h, sorry

Harbormaster completed remote builds in B182760: Diff 454724.Aug 23 2022, 2:01 AM
njames93 added a comment.Aug 25 2022, 11:38 PM

Should this check be renamed to bugprone-sprintf-with-fixed-size-buffer?
Have you thought about an option to flag all calls to sprintf as they are typically not recommended by a lot of coding practice guides. Obviously we couldn't generate a fix-it as the buffer size may be unknown, but it could help fix someone's buffer overflow exploit.

clang-tools-extra/clang-tidy/bugprone/PrintfWithFixedSizeBufferCheck.cpp
23 ↗(On Diff #454724)
29 ↗(On Diff #454724)

Check out the mapAnyWith matcher, would simply a lot of this code.

33 ↗(On Diff #454724)

Just use hasAnyName("::sprintf", "::vsprintf"), Then in the check you can call getName to find out which one.

58–70 ↗(On Diff #454724)

Avoid string manipulation where possible.

clang-tools-extra/clang-tidy/bugprone/PrintfWithFixedSizeBufferCheck.h
27 ↗(On Diff #454724)

Let template deduction handle this.

30 ↗(On Diff #454724)

This check seems like it would have value in C code as well as C++.

Yoorkin updated this revision to Diff 458155.Sep 6 2022, 6:33 AM
Yoorkin marked 5 inline comments as done.

Maybe renamed to bugprone-sprintf-with-fixed-size-buffer would be better. I add another option FlagAllCalls to flag all calls to sprintf and vsprintf.

Harbormaster completed remote builds in B185211: Diff 458155.Sep 6 2022, 6:51 AM
Yoorkin added a comment.Sep 6 2022, 6:57 AM

I want to enable this check in both c and c++, but didn't find option LangOpt.C. For c++, we have option LangOpt.CPlusPlus. There is only some specific c standard option like C99 C11 C17 and C2X defined in LangOptions.def. Could you tell me how to do this?

LegalizeAdulthood resigned from this revision.Mar 29 2023, 8:23 AM
Herald added a subscriber: PiotrZSL. · View Herald TranscriptMar 29 2023, 8:23 AM

Revision Contents

PathSize
clang-tools-extra/
clang-tidy/
bugprone/
3 lines
1 line
45 lines
88 lines
docs/
5 lines
clang-tidy/
checks/
bugprone/
39 lines
1 line
test/
clang-tidy/
checkers/
bugprone/
33 lines

Diff 458155

clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp

Show First 20 LinesShow All 42 Lines▼ Show 20 Lines
#include "PosixReturnCheck.h" #include "PosixReturnCheck.h"
#include "RedundantBranchConditionCheck.h" #include "RedundantBranchConditionCheck.h"
#include "ReservedIdentifierCheck.h" #include "ReservedIdentifierCheck.h"
#include "SharedPtrArrayMismatchCheck.h" #include "SharedPtrArrayMismatchCheck.h"
#include "SignalHandlerCheck.h" #include "SignalHandlerCheck.h"
#include "SignedCharMisuseCheck.h" #include "SignedCharMisuseCheck.h"
#include "SizeofContainerCheck.h" #include "SizeofContainerCheck.h"
#include "SizeofExpressionCheck.h" #include "SizeofExpressionCheck.h"
#include "SprintfWithFixedSizeBufferCheck.h"
#include "SpuriouslyWakeUpFunctionsCheck.h" #include "SpuriouslyWakeUpFunctionsCheck.h"
#include "StringConstructorCheck.h" #include "StringConstructorCheck.h"
#include "StringIntegerAssignmentCheck.h" #include "StringIntegerAssignmentCheck.h"
#include "StringLiteralWithEmbeddedNulCheck.h" #include "StringLiteralWithEmbeddedNulCheck.h"
#include "StringviewNullptrCheck.h" #include "StringviewNullptrCheck.h"
#include "SuspiciousEnumUsageCheck.h" #include "SuspiciousEnumUsageCheck.h"
#include "SuspiciousIncludeCheck.h" #include "SuspiciousIncludeCheck.h"
#include "SuspiciousMemoryComparisonCheck.h" #include "SuspiciousMemoryComparisonCheck.h"
▲ Show 20 LinesShow All 89 Lines▼ Show 20 Lines CheckFactories.registerCheck<SharedPtrArrayMismatchCheck>(
"bugprone-shared-ptr-array-mismatch"); "bugprone-shared-ptr-array-mismatch");
CheckFactories.registerCheck<SignalHandlerCheck>("bugprone-signal-handler"); CheckFactories.registerCheck<SignalHandlerCheck>("bugprone-signal-handler");
CheckFactories.registerCheck<SignedCharMisuseCheck>( CheckFactories.registerCheck<SignedCharMisuseCheck>(
"bugprone-signed-char-misuse"); "bugprone-signed-char-misuse");
CheckFactories.registerCheck<SizeofContainerCheck>( CheckFactories.registerCheck<SizeofContainerCheck>(
"bugprone-sizeof-container"); "bugprone-sizeof-container");
CheckFactories.registerCheck<SizeofExpressionCheck>( CheckFactories.registerCheck<SizeofExpressionCheck>(
"bugprone-sizeof-expression"); "bugprone-sizeof-expression");
CheckFactories.registerCheck<SprintfWithFixedSizeBufferCheck>(
"bugprone-sprintf-with-fixed-size-buffer");
CheckFactories.registerCheck<SpuriouslyWakeUpFunctionsCheck>( CheckFactories.registerCheck<SpuriouslyWakeUpFunctionsCheck>(
"bugprone-spuriously-wake-up-functions"); "bugprone-spuriously-wake-up-functions");
CheckFactories.registerCheck<StringConstructorCheck>( CheckFactories.registerCheck<StringConstructorCheck>(
"bugprone-string-constructor"); "bugprone-string-constructor");
CheckFactories.registerCheck<StringIntegerAssignmentCheck>( CheckFactories.registerCheck<StringIntegerAssignmentCheck>(
"bugprone-string-integer-assignment"); "bugprone-string-integer-assignment");
CheckFactories.registerCheck<StringLiteralWithEmbeddedNulCheck>( CheckFactories.registerCheck<StringLiteralWithEmbeddedNulCheck>(
"bugprone-string-literal-with-embedded-nul"); "bugprone-string-literal-with-embedded-nul");
▲ Show 20 LinesShow All 55 LinesShow Last 20 Lines

clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt

Show All 38 Linesadd_clang_library(clangTidyBugproneModule
RedundantBranchConditionCheck.cpp RedundantBranchConditionCheck.cpp
ReservedIdentifierCheck.cpp ReservedIdentifierCheck.cpp
SharedPtrArrayMismatchCheck.cpp SharedPtrArrayMismatchCheck.cpp
SmartPtrArrayMismatchCheck.cpp SmartPtrArrayMismatchCheck.cpp
SignalHandlerCheck.cpp SignalHandlerCheck.cpp
SignedCharMisuseCheck.cpp SignedCharMisuseCheck.cpp
SizeofContainerCheck.cpp SizeofContainerCheck.cpp
SizeofExpressionCheck.cpp SizeofExpressionCheck.cpp
SprintfWithFixedSizeBufferCheck.cpp
SpuriouslyWakeUpFunctionsCheck.cpp SpuriouslyWakeUpFunctionsCheck.cpp
StringConstructorCheck.cpp StringConstructorCheck.cpp
StringIntegerAssignmentCheck.cpp StringIntegerAssignmentCheck.cpp
StringLiteralWithEmbeddedNulCheck.cpp StringLiteralWithEmbeddedNulCheck.cpp
StringviewNullptrCheck.cpp StringviewNullptrCheck.cpp
SuspiciousEnumUsageCheck.cpp SuspiciousEnumUsageCheck.cpp
SuspiciousIncludeCheck.cpp SuspiciousIncludeCheck.cpp
SuspiciousMemoryComparisonCheck.cpp SuspiciousMemoryComparisonCheck.cpp
Show All 39 Lines

clang-tools-extra/clang-tidy/bugprone/SprintfWithFixedSizeBufferCheck.h

  • This file was added.
//===--- SprintfWithFixedSizeBufferCheck.h - clang-tidy ---------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_SPRINTFWITHFIXEDSIZEBUFFERCHECK_H
#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_SPRINTFWITHFIXEDSIZEBUFFERCHECK_H
#include "../ClangTidyCheck.h"
namespace clang {
namespace tidy {
namespace bugprone {
/// Check if `sprintf` or `vsprintf` is called with a fixed size buffer.
/// Replaced with counted versions function.
///
/// For the user-facing documentation see:
/// http://clang.llvm.org/extra/clang-tidy/checks/bugprone/sprintf-with-fixed-size-buffer.html
class SprintfWithFixedSizeBufferCheck : public ClangTidyCheck {
public:
SprintfWithFixedSizeBufferCheck(StringRef Name, ClangTidyContext *Context)
: ClangTidyCheck(Name, Context),
PreferSafe(Options.get("PreferSafe", false)),
FlagAllCalls(Options.get("FlagAllCalls", false)) {}
void storeOptions(ClangTidyOptions::OptionMap &Opts) override;
Eugene.ZelenkoUnsubmitted
Done
ReplyInline Actions

Please add isLanguageVersionSupported (C and C++).

Eugene.Zelenko: Please add `isLanguageVersionSupported` (C and C++).
YoorkinAuthorUnsubmitted
Not Done
ReplyInline Actions

can i just simply use

bool isLanguageVersionSupported(const LangOptions &LangOpts) const override {
  return LangOpts.C99 || LangOpts.CPlusPlus11;
}

I think the check should be supported after C99 and Cpp11 standards. But i don't know whether it return true when language version is c++20 or C11

Yoorkin: can i just simply use ``` bool isLanguageVersionSupported(const LangOptions &LangOpts) const…
Eugene.ZelenkoUnsubmitted
Not Done
ReplyInline Actions

snprintf is part of standard C library, so it could be used in early C and C++ standards.

Eugene.Zelenko: `snprintf` is part of standard C library, so it could be used in early C and C++ standards.
/// Registering for sprintf and vsprintf calls.
void registerMatchers(ast_matchers::MatchFinder *Finder) override;
void check(const ast_matchers::MatchFinder::MatchResult &Result) override;
private:
bool PreferSafe;
bool FlagAllCalls;
};
} // namespace bugprone
} // namespace tidy
} // namespace clang
#endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_SPRINTFWITHFIXEDSIZEBUFFERCHECK_H

clang-tools-extra/clang-tidy/bugprone/SprintfWithFixedSizeBufferCheck.cpp

  • This file was added.
//===--- SprintfWithFixedSizeBufferCheck.cpp - clang-tidy -----------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#include "SprintfWithFixedSizeBufferCheck.h"
#include "clang/AST/ASTContext.h"
#include "clang/ASTMatchers/ASTMatchFinder.h"
#include "clang/Lex/Lexer.h"
#include "llvm/ADT/StringRef.h"
Eugene.ZelenkoUnsubmitted
Done
ReplyInline Actions

Unnecessary newline.

Eugene.Zelenko: Unnecessary newline.
using namespace clang::ast_matchers;
namespace clang {
namespace tidy {
namespace bugprone {
void SprintfWithFixedSizeBufferCheck::storeOptions(
ClangTidyOptions::OptionMap &Opts) {
Options.store(Opts, "PreferSafe", PreferSafe);
Options.store(Opts, "FlagAllCalls", FlagAllCalls);
}
void SprintfWithFixedSizeBufferCheck::registerMatchers(MatchFinder *Finder) {
auto SprintfCallee =
callee(functionDecl(hasAnyName("::sprintf", "::vsprintf")));
auto HasFixedSizeBuffer =
hasArgument(0, mapAnyOf(memberExpr, declRefExpr)
.with(hasType(constantArrayType()))
.bind("FixedSizeArray"));
Eugene.ZelenkoUnsubmitted
Done
ReplyInline Actions

const auto * could be used because type is spelled in same statement.

Eugene.Zelenko: `const auto *` could be used because type is spelled in same statement.
Finder->addMatcher(
Eugene.ZelenkoUnsubmitted
Done
ReplyInline Actions

Ditto.

Eugene.Zelenko: Ditto.
callExpr(allOf(HasFixedSizeBuffer, SprintfCallee)).bind("Call"), this);
njames93Unsubmitted
Not Done
ReplyInline Actions

Prefer small little edits instead of one big replacement.
So create a fix it that turns sprintf into snprintf, then create a fix it that inserts , sizeof(Buff) after the first argument.

njames93: Prefer small little edits instead of one big replacement. So create a fix it that turns…
if (FlagAllCalls) {
Finder->addMatcher(
callExpr(allOf(unless(HasFixedSizeBuffer), SprintfCallee)).bind("Call"),
this);
}
}
void SprintfWithFixedSizeBufferCheck::check(
const MatchFinder::MatchResult &Result) {
const auto *FA = Result.Nodes.getNodeAs<Expr>("FixedSizeArray");
const auto *Call = Result.Nodes.getNodeAs<CallExpr>("Call");
const auto *Callee = dyn_cast<FunctionDecl>(Call->getCalleeDecl());
StringRef Recommendation;
if (Callee->getName() == "sprintf")
Recommendation = "snprintf_s";
else if (Callee->getName() == "vsprintf")
Recommendation = "vsnprintf_s";
if (!PreferSafe) {
Recommendation = Recommendation.drop_back(2);
}
auto D =
diag(Call->getBeginLoc(), "string to be written may exceeds the size of "
"buffer; use %0 instead")
<< Recommendation << Call->getCallee()->getSourceRange();
// Generate a fix-it if detected fixed size buffer
if (FA != nullptr) {
const Expr *SecondArgument = Call->getArg(1);
;
// Insert the size of buffer after first argument.
std::string SizeofText = "sizeof(";
SizeofText += Lexer::getSourceText(
CharSourceRange::getTokenRange(FA->getSourceRange()),
*Result.SourceManager, getLangOpts());
SizeofText += "), ";
FixItHint ReplacementHint = FixItHint::CreateReplacement(
Call->getCallee()->getSourceRange(), Recommendation);
FixItHint SizeofHint =
FixItHint::CreateInsertion(SecondArgument->getBeginLoc(), SizeofText);
D << SecondArgument->getSourceRange() << ReplacementHint << SizeofHint;
}
}
} // namespace bugprone
} // namespace tidy
} // namespace clang

clang-tools-extra/docs/ReleaseNotes.rst

Show First 20 LinesShow All 93 Lines▼ Show 20 Lines
The improvements are... The improvements are...
Improvements to clang-tidy Improvements to clang-tidy
-------------------------- --------------------------
New checks New checks
^^^^^^^^^^ ^^^^^^^^^^
- New :doc:`bugprone-sprintf-with-fixed-size-buffer
<clang-tidy/checks/bugprone/sprintf-with-fixed-size-buffer>` check.
Finds usage of ``sprintf`` or ``vsprintf``, which write output string into a fixed-size array.
Eugene.ZelenkoUnsubmitted
Done
ReplyInline Actions

Please use first statement in documentation.

Eugene.Zelenko: Please use first statement in documentation.
- New :doc:`cppcoreguidelines-avoid-const-or-ref-data-members - New :doc:`cppcoreguidelines-avoid-const-or-ref-data-members
<clang-tidy/checks/cppcoreguidelines/avoid-const-or-ref-data-members>` check. <clang-tidy/checks/cppcoreguidelines/avoid-const-or-ref-data-members>` check.
Warns when a struct or class uses const or reference (lvalue or rvalue) data members. Warns when a struct or class uses const or reference (lvalue or rvalue) data members.
New check aliases New check aliases
^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^
▲ Show 20 LinesShow All 64 LinesShow Last 20 Lines

clang-tools-extra/docs/clang-tidy/checks/bugprone/sprintf-with-fixed-size-buffer.rst

  • This file was added.
.. title:: clang-tidy - bugprone-sprintf-with-fixed-size-buffer
bugprone-sprintf-with-fixed-size-buffer
=======================================
Finds usage of ``sprintf`` or ``vsprintf``, which write output string into a fixed-size array.
It will suggest the counted versions instead.
Eugene.ZelenkoUnsubmitted
Done
ReplyInline Actions

Please omit The check and use double back-ticks for sprintf (language construct).

Eugene.Zelenko: Please omit `The check` and use double back-ticks for `sprintf` (language construct).
Eugene.ZelenkoUnsubmitted
Not Done
ReplyInline Actions

Should be Finds. Same in Release Notes.

Eugene.Zelenko: Should be `Finds`. Same in Release Notes.
Eugene.ZelenkoUnsubmitted
Done
ReplyInline Actions

Ditto for snprintf.

Eugene.Zelenko: Ditto for `snprintf`.
It's a common idiom to have a fixed-size buffer of characters allocated on
the stack and then to printf into the buffer. It may be leading to errors if the
string to be written exceeds the size of the array pointed to by buffer.
Example:
.. code-block:: c++
Eugene.ZelenkoUnsubmitted
Done
ReplyInline Actions

Please separate with newline.

Eugene.Zelenko: Please separate with newline.
void f(){
char buff[80];
sprintf(buff, "Hello, %s!\n", "world");
}
Becomes:
.. code-block:: c++
Eugene.ZelenkoUnsubmitted
Done
ReplyInline Actions

Ditto.

Eugene.Zelenko: Ditto.
void f(){
char buff[80];
snprintf(buff, sizeof(buff), "Hello, %s!\n", "world");
}
Options
-------
.. option:: PreferSafe
When `true`, prefer to use ``snprintf_s`` ``vsnprintf_s`` over ``snprintf`` ``vsnprintf``.
Default is `false`.
.. option:: FlagAllCalls
Flag all calls to ``sprintf`` and ``vsprintf``.
Default is `false`
Eugene.ZelenkoUnsubmitted
Done
ReplyInline Actions

Please fix.

Eugene.Zelenko: Please fix.

clang-tools-extra/docs/clang-tidy/checks/list.rst

Show First 20 LinesShow All 108 Lines▼ Show 20 Lines.. csv-table::
`bugprone-posix-return <bugprone/posix-return.html>`_, "Yes" `bugprone-posix-return <bugprone/posix-return.html>`_, "Yes"
`bugprone-redundant-branch-condition <bugprone/redundant-branch-condition.html>`_, "Yes" `bugprone-redundant-branch-condition <bugprone/redundant-branch-condition.html>`_, "Yes"
`bugprone-reserved-identifier <bugprone/reserved-identifier.html>`_, "Yes" `bugprone-reserved-identifier <bugprone/reserved-identifier.html>`_, "Yes"
`bugprone-shared-ptr-array-mismatch <bugprone/shared-ptr-array-mismatch.html>`_, "Yes" `bugprone-shared-ptr-array-mismatch <bugprone/shared-ptr-array-mismatch.html>`_, "Yes"
`bugprone-signal-handler <bugprone/signal-handler.html>`_, `bugprone-signal-handler <bugprone/signal-handler.html>`_,
`bugprone-signed-char-misuse <bugprone/signed-char-misuse.html>`_, `bugprone-signed-char-misuse <bugprone/signed-char-misuse.html>`_,
`bugprone-sizeof-container <bugprone/sizeof-container.html>`_, `bugprone-sizeof-container <bugprone/sizeof-container.html>`_,
`bugprone-sizeof-expression <bugprone/sizeof-expression.html>`_, `bugprone-sizeof-expression <bugprone/sizeof-expression.html>`_,
`bugprone-sprintf-with-fixed-size-buffer <bugprone/sprintf-with-fixed-size-buffer.html>`_, "Yes"
`bugprone-spuriously-wake-up-functions <bugprone/spuriously-wake-up-functions.html>`_, `bugprone-spuriously-wake-up-functions <bugprone/spuriously-wake-up-functions.html>`_,
`bugprone-string-constructor <bugprone/string-constructor.html>`_, "Yes" `bugprone-string-constructor <bugprone/string-constructor.html>`_, "Yes"
`bugprone-string-integer-assignment <bugprone/string-integer-assignment.html>`_, "Yes" `bugprone-string-integer-assignment <bugprone/string-integer-assignment.html>`_, "Yes"
`bugprone-string-literal-with-embedded-nul <bugprone/string-literal-with-embedded-nul.html>`_, `bugprone-string-literal-with-embedded-nul <bugprone/string-literal-with-embedded-nul.html>`_,
`bugprone-stringview-nullptr <bugprone/stringview-nullptr.html>`_, "Yes" `bugprone-stringview-nullptr <bugprone/stringview-nullptr.html>`_, "Yes"
`bugprone-suspicious-enum-usage <bugprone/suspicious-enum-usage.html>`_, `bugprone-suspicious-enum-usage <bugprone/suspicious-enum-usage.html>`_,
`bugprone-suspicious-include <bugprone/suspicious-include.html>`_, `bugprone-suspicious-include <bugprone/suspicious-include.html>`_,
`bugprone-suspicious-memory-comparison <bugprone/suspicious-memory-comparison.html>`_, `bugprone-suspicious-memory-comparison <bugprone/suspicious-memory-comparison.html>`_,
▲ Show 20 LinesShow All 370 LinesShow Last 20 Lines

clang-tools-extra/test/clang-tidy/checkers/bugprone/sprintf-with-fixed-size-buffer.cpp

  • This file was added.
// RUN: %check_clang_tidy %s bugprone-sprintf-with-fixed-size-buffer %t
#include <stdio.h>
void f(){
char buff[80];
sprintf(buff, "Hello, %s!\n", "world");
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: string to be written may exceeds the size of buffer; use snprintf instead [bugprone-printf-with-fixed-size-buffer]
// CHECK-FIXES: snprintf(buff, sizeof(buff), "Hello, %s!\n", "world");
}
char sbuff[80];
void f2(){
sprintf(sbuff, "Hello, %s!\n", "world");
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: string to be written may exceeds the size of buffer; use snprintf instead [bugprone-printf-with-fixed-size-buffer]
// CHECK-FIXES: snprintf(sbuff, sizeof(sbuff), "Hello, %s!\n", "world");
}
void f3(){
char *dynamic_sized_buff = nullptr;
sprintf(dynamic_sized_buff, "Hello, %s!\n", "world");
}
void f4(const char * format, ... ){
char buff[100];
va_list args;
va_start(args, format);
vsprintf(buff, format, args);
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: string to be written may exceeds the size of buffer; use vsnprintf instead [bugprone-printf-with-fixed-size-buffer]
// CHECK-FIXES: vsnprintf(buff, sizeof(buff), format, args);
va_end(args);
}