ThanSin02426 wrote:
> #168691 does similar things. 🤔

Hi @zwuis

While both checks help prevent buffer overflows, they take different approaches. PR #168691 parses the format string to warn about unbounded %s specifiers. My check, on the other hand, looks at the destination buffer to see if it's a fixed-size array, and provides an automated Fix-It to safely refactor the code by replacing sprintf with snprintf and injecting the sizeof(buffer) argument. Because this provides a direct, automated code-upgrade path for a specific legacy idiom, I think it adds distinct value alongside a format-string parser!

https://github.com/llvm/llvm-project/pull/182823

_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
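The refactoring the reply describes, as an added example that is not the PR's code and not part of the original thread: the legacy idiom (sprintf into a fixed-size array) next to the form the Fix-It produces (snprintf with sizeof of the destination injected as the bound), plus the one caveat that makes the "is it really a fixed-size array?" test matter. Function names, the 16-byte buffer and the "user-%s" format are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example, not code from the PR: the legacy idiom the check
 * flags and the shape of the refactoring its Fix-It produces.
 *
 *   Before (flagged: destination is a fixed-size array, sprintf is unbounded):
 *       char name[16];
 *       sprintf(name, "user-%s", who);
 *   After (sprintf -> snprintf, sizeof(name) injected as the bound):
 *       snprintf(name, sizeof(name), "user-%s", who);
 */

#define NAME_LEN 16

/* Refactored form, written with a local fixed-size array so that
 * sizeof(name) really is the array's capacity. Copies the result into
 * 'out' (which must hold NAME_LEN bytes) and returns 1 if snprintf had to
 * truncate, 0 otherwise. Truncation instead of overflow is the one visible
 * behavioural change the Fix-It introduces, so callers should check it. */
int format_user_name(const char *who, char *out)
{
    char name[NAME_LEN];
    int n = snprintf(name, sizeof(name), "user-%s", who);
    memcpy(out, name, sizeof(name));
    /* snprintf returns the length it wanted to write; >= size means cut off */
    return n < 0 || (size_t)n >= sizeof(name);
}

/* Why the check must look at the destination's declared type: once the
 * destination is a pointer (including an array parameter, which decays to
 * one), sizeof yields sizeof(char *), not the buffer capacity. Injecting
 * sizeof(dst) into such a call would silently use the wrong bound. */
size_t bound_seen_through_pointer(const char *dst)
{
    return sizeof(dst);   /* == sizeof(char *), not NAME_LEN */
}

/* The safe pattern when the destination is only known as a pointer: the
 * caller passes the real capacity explicitly. Returns 1 on truncation. */
int format_into(char *dst, size_t dst_size, const char *who)
{
    int n = snprintf(dst, dst_size, "user-%s", who);
    return n < 0 || (size_t)n >= dst_size;
}

int main(void)
{
    char out[NAME_LEN];
    int cut = format_user_name("alice", out);
    printf("%s (truncated=%d)\n", out, cut);
    cut = format_user_name("a-name-that-is-far-too-long", out);
    printf("%s (truncated=%d)\n", out, cut);
    printf("sizeof seen through a pointer: %zu (capacity is %d)\n",
           bound_seen_through_pointer(out), NAME_LEN);
    return 0;
}
```

The second input is longer than the buffer: with sprintf it would write past the end of `name`; with the refactored call it is cut to 15 characters plus the terminator and the function reports the truncation. The pointer case shows why the Fix-It is only safe to apply when the destination is a genuine fixed-size array in scope, which is exactly the condition the check tests for.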
