dkrupp wrote:

> Missing Release Notes entry.
>
> How about custom `printf/scanf` functions?
>
> Is similar functionality covered by `-Wformat` or Clang Static Analyzer?

There are related checkers, but they warn for different cases.

-Wformat detects different cases. -Wformat-overflow is the closest, but it detects cases where the width specifier is present but proven to be larger than the destination buffer. This check, however, always requires the width specifier to be present.

Clang Static Analyzer has a checker that bans certain unsafe functions altogether, like scanf: https://clang.llvm.org/docs/analyzer/checkers.html#security-insecureapi-deprecatedorunsafebufferhandling-c

This check is less strict.

https://github.com/llvm/llvm-project/pull/168691

cfe-commits mailing list: https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
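To make the distinction concrete, here is an added example (not code from the PR or from the reviewers) of the unbounded `%s` read that a "width specifier required" check would flag, beside the bounded form whose width is derived from the buffer size. It assumes the check targets `%s` conversions in the scanf family; `NAME_LEN` and the function names are illustrative.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16  /* assumed destination buffer size */

/* Unbounded: sscanf copies every non-space byte of the token, so a token of
 * NAME_LEN or more characters overruns dst. No width is present, so
 * -Wformat-overflow has nothing to compare against the buffer; a check that
 * requires the width specifier flags this call. Never called here. */
int read_name_unbounded(const char *input, char *dst) {
    return sscanf(input, "%s", dst);
}

/* Bounded: the width is NAME_LEN - 1 so the terminating NUL always fits.
 * Building the format from the buffer size keeps the two from drifting
 * apart when the buffer is later resized. */
int read_name_bounded(const char *input, char *dst) {
    char fmt[16];
    snprintf(fmt, sizeof fmt, "%%%zus", (size_t)NAME_LEN - 1); /* "%15s" */
    return sscanf(input, fmt, dst);
}

/* Returns 1 if the bounded reader truncates an over-long token to
 * NAME_LEN - 1 bytes and leaves the byte after the buffer untouched. */
int bounded_reader_stays_in_buffer(void) {
    char area[NAME_LEN + 8];
    memset(area, 'Z', sizeof area);           /* 'Z' sentinel past the buffer */
    /* Constructed 40-character token, longer than NAME_LEN. */
    const char long_token[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcd";
    int n = read_name_bounded(long_token, area);
    return n == 1
        && strlen(area) == NAME_LEN - 1
        && memcmp(area, long_token, NAME_LEN - 1) == 0
        && area[NAME_LEN] == 'Z';
}

int main(void) {
    printf("bounded read stays in buffer: %s\n",
           bounded_reader_stays_in_buffer() ? "yes" : "no");
    return 0;
}
```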
