https://github.com/NagyDonat updated https://github.com/llvm/llvm-project/pull/176191
From e955cd0e6f5afef9bb8c6f1d3d75eea88de4bce8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Don=C3=A1t=20Nagy?= <[email protected]> Date: Thu, 15 Jan 2026 16:38:16 +0100 Subject: [PATCH 1/6] [clang-tidy] Warn on use of std::get_temporary_buffer The STL function `std::get_temporary_buffer` was originally designed with the intent of providing a more efficient implementation than the general-purpose operator new, but no such implementation was created and the API was deprecated (in C++17) and removed (in C++20). As this function is difficult to use and provides no advantages, I think (or at least hope) that nobody actually uses it; but given that it was present in the official standard, I think tidy should be able to report its bugprone nature. (It returns uninitialized memory, which can cause subtle bugs, e.g. as in the last code example of the SEI CERT rule EXP54-CPP.) --- .../bugprone/UnsafeFunctionsCheck.cpp | 9 +++++++-- .../checks/bugprone/unsafe-functions.rst | 1 + .../checkers/bugprone/unsafe-functions.cpp | 20 +++++++++++++++++++ 3 files changed, 28 insertions(+), 2 deletions(-) create mode 100644 clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.cpp diff --git a/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp b/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp index dc749924fb700..71f6afb2f7712 100644 --- a/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp +++ b/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp @@ -60,7 +60,8 @@ static StringRef getReplacementFor(StringRef FunctionName, .Cases({"asctime", "asctime_r"}, "strftime") .Case("gets", "fgets") .Case("rewind", "fseek") - .Case("setbuf", "setvbuf"); + .Case("setbuf", "setvbuf") + .Case("get_temporary_buffer", "operator new[]"); } static StringRef getReplacementForAdditional(StringRef FunctionName, @@ -97,6 +98,9 @@ static StringRef getRationaleFor(StringRef FunctionName) { .Cases({"rewind", "setbuf"}, "has no error detection") .Case("vfork", "is insecure as it can lead to denial of service " "situations in the parent process") + .Case("get_temporary_buffer", + "is bugprone, has no performance advantage, was deprecated in " + "C++17 and removed in C++20") .Default("is not bounds-checking"); } @@ -221,7 +225,8 @@ void UnsafeFunctionsCheck::registerMatchers(MatchFinder *Finder) { // Matching functions with replacements without Annex K. auto FunctionNamesMatcher = - hasAnyName("::asctime", "asctime_r", "::gets", "::rewind", "::setbuf"); + hasAnyName("::asctime", "asctime_r", "::gets", "::rewind", "::setbuf", + "::std::get_temporary_buffer"); Finder->addMatcher( declRefExpr( to(functionDecl(FunctionNamesMatcher).bind(FunctionNamesId))) diff --git a/clang-tools-extra/docs/clang-tidy/checks/bugprone/unsafe-functions.rst b/clang-tools-extra/docs/clang-tidy/checks/bugprone/unsafe-functions.rst index aaf7aaff4a05c..88a3c145095d3 100644 --- a/clang-tools-extra/docs/clang-tidy/checks/bugprone/unsafe-functions.rst +++ b/clang-tools-extra/docs/clang-tidy/checks/bugprone/unsafe-functions.rst @@ -48,6 +48,7 @@ availability: - ``rewind``, suggested replacement: ``fseek`` - ``setbuf``, suggested replacement: ``setvbuf`` + - ``std::get_temporary_buffer``, suggested replacement: "plain" allocation with ``operator new[]`` If :option:`ReportMoreUnsafeFunctions` is enabled, the following functions are also checked: diff --git a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.cpp b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.cpp new file mode 100644 index 0000000000000..36eda7460c104 --- /dev/null +++ b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.cpp @@ -0,0 +1,20 @@ +// RUN: %check_clang_tidy -std=c++17 %s bugprone-unsafe-functions %t -- + +namespace std { +template <class T1, class T2> +struct pair { + T1 first; + T2 second; +}; + +using ptrdiff_t = long long; + +template<class T> +std::pair<T*, std::ptrdiff_t> + get_temporary_buffer(std::ptrdiff_t count) noexcept; +} + +void test() { + (void)std::get_temporary_buffer<int>(64); + // CHECK-MESSAGES: :[[@LINE-1]]:9: warning: function 'get_temporary_buffer<int>' is bugprone, has no performance advantage, was deprecated in C++17 and removed in C++20; 'operator new[]' should be used instead +} From b9c66415b50a94da57b438eb5570be959438c806 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Don=C3=A1t=20Nagy?= <[email protected]> Date: Fri, 16 Jan 2026 13:59:58 +0100 Subject: [PATCH 2/6] Apply suggestions from code review in tests Co-authored-by: Victor Chernyakin <[email protected]> --- .../test/clang-tidy/checkers/bugprone/unsafe-functions.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.cpp b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.cpp index 36eda7460c104..8308a2cd7b322 100644 --- a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.cpp +++ b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.cpp @@ -1,4 +1,4 @@ -// RUN: %check_clang_tidy -std=c++17 %s bugprone-unsafe-functions %t -- +// RUN: %check_clang_tidy -std=c++11-or-later %s bugprone-unsafe-functions %t -- namespace std { template <class T1, class T2> @@ -16,5 +16,5 @@ std::pair<T*, std::ptrdiff_t> void test() { (void)std::get_temporary_buffer<int>(64); - // CHECK-MESSAGES: :[[@LINE-1]]:9: warning: function 'get_temporary_buffer<int>' is bugprone, has no performance advantage, was deprecated in C++17 and removed in C++20; 'operator new[]' should be used instead + // CHECK-MESSAGES: :[[@LINE-1]]:9: warning: function 'get_temporary_buffer<int>' is bugprone, has no performance advantage, was deprecated in C++17 and removed in C++20; 'operator new[]' should be used instead } From 5ce2f4242aa22a6923aeea6c077eb34611dd7c60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Don=C3=A1t=20Nagy?= <[email protected]> Date: Fri, 16 Jan 2026 14:22:13 +0100 Subject: [PATCH 3/6] Mention this change in the Release Notes --- clang-tools-extra/docs/ReleaseNotes.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/clang-tools-extra/docs/ReleaseNotes.rst b/clang-tools-extra/docs/ReleaseNotes.rst index 69c3bcf67b8db..9fc873d984480 100644 --- a/clang-tools-extra/docs/ReleaseNotes.rst +++ b/clang-tools-extra/docs/ReleaseNotes.rst @@ -94,6 +94,11 @@ Improvements to clang-query Improvements to clang-tidy -------------------------- +- Improved :doc:`bugprone-unsafe-functions + <clang-tidy/checks/bugprone/unsafe-functions>` check by adding the function + ``std::get_temporary_buffer`` to the default list of unsafe functions. (This + function is unsafe, useless, deprecated in C++17 and removed in C++20). + New checks ^^^^^^^^^^ From c1a35ce911eb93b8e04260e5814d7da63b06ae14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Don=C3=A1t=20Nagy?= <[email protected]> Date: Fri, 16 Jan 2026 14:58:43 +0100 Subject: [PATCH 4/6] Move Release Note entry to correct place --- clang-tools-extra/docs/ReleaseNotes.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/clang-tools-extra/docs/ReleaseNotes.rst b/clang-tools-extra/docs/ReleaseNotes.rst index 809442ef0fe3b..7bf51641abb5f 100644 --- a/clang-tools-extra/docs/ReleaseNotes.rst +++ b/clang-tools-extra/docs/ReleaseNotes.rst @@ -94,11 +94,6 @@ Improvements to clang-query Improvements to clang-tidy -------------------------- -- Improved :doc:`bugprone-unsafe-functions - <clang-tidy/checks/bugprone/unsafe-functions>` check by adding the function - ``std::get_temporary_buffer`` to the default list of unsafe functions. (This - function is unsafe, useless, deprecated in C++17 and removed in C++20). - New checks ^^^^^^^^^^ @@ -108,6 +103,11 @@ New check aliases Changes in existing checks ^^^^^^^^^^^^^^^^^^^^^^^^^^ +- Improved :doc:`bugprone-unsafe-functions + <clang-tidy/checks/bugprone/unsafe-functions>` check by adding the function + ``std::get_temporary_buffer`` to the default list of unsafe functions. (This + function is unsafe, useless, deprecated in C++17 and removed in C++20). + - Improved :doc:`misc-const-correctness <clang-tidy/checks/misc/const-correctness>` check: From ddde20f6b0f70e93ede94b141039f64ec2cf5cfc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Don=C3=A1t=20Nagy?= <[email protected]> Date: Mon, 19 Jan 2026 11:50:18 +0100 Subject: [PATCH 5/6] Wrap a line that was too long --- .../docs/clang-tidy/checks/bugprone/unsafe-functions.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/clang-tools-extra/docs/clang-tidy/checks/bugprone/unsafe-functions.rst b/clang-tools-extra/docs/clang-tidy/checks/bugprone/unsafe-functions.rst index 88a3c145095d3..4f5f8b39ed406 100644 --- a/clang-tools-extra/docs/clang-tidy/checks/bugprone/unsafe-functions.rst +++ b/clang-tools-extra/docs/clang-tidy/checks/bugprone/unsafe-functions.rst @@ -48,7 +48,8 @@ availability: - ``rewind``, suggested replacement: ``fseek`` - ``setbuf``, suggested replacement: ``setvbuf`` - - ``std::get_temporary_buffer``, suggested replacement: "plain" allocation with ``operator new[]`` + - ``std::get_temporary_buffer``, suggested replacement: "plain" allocation + with ``operator new[]`` If :option:`ReportMoreUnsafeFunctions` is enabled, the following functions are also checked: From bc03b04b44c834a80a75b5affd1e66a6647f4b5f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Don=C3=A1t=20Nagy?= <[email protected]> Date: Mon, 19 Jan 2026 16:31:46 +0100 Subject: [PATCH 6/6] Clarify the warning message --- .../clang-tidy/bugprone/UnsafeFunctionsCheck.cpp | 6 +++--- .../test/clang-tidy/checkers/bugprone/unsafe-functions.cpp | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp b/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp index 71f6afb2f7712..6694356a2be98 100644 --- a/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp +++ b/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp @@ -98,9 +98,9 @@ static StringRef getRationaleFor(StringRef FunctionName) { .Cases({"rewind", "setbuf"}, "has no error detection") .Case("vfork", "is insecure as it can lead to denial of service " "situations in the parent process") - .Case("get_temporary_buffer", - "is bugprone, has no performance advantage, was deprecated in " - "C++17 and removed in C++20") + .Case("get_temporary_buffer", "returns uninitialized memory without " + "performance advantages, was deprecated in " + "C++17 and removed in C++20") .Default("is not bounds-checking"); } diff --git a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.cpp b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.cpp index 8308a2cd7b322..1ff04ed002a92 100644 --- a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.cpp +++ b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.cpp @@ -16,5 +16,5 @@ std::pair<T*, std::ptrdiff_t> void test() { (void)std::get_temporary_buffer<int>(64); - // CHECK-MESSAGES: :[[@LINE-1]]:9: warning: function 'get_temporary_buffer<int>' is bugprone, has no performance advantage, was deprecated in C++17 and removed in C++20; 'operator new[]' should be used instead + // CHECK-MESSAGES: :[[@LINE-1]]:9: warning: function 'get_temporary_buffer<int>' returns uninitialized memory without performance advantages, was deprecated in C++17 and removed in C++20; 'operator new[]' should be used instead } _______________________________________________ cfe-commits mailing list [email protected] https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
