Author: DonĂ¡t Nagy Date: 2026-01-19T17:56:24+01:00 New Revision: 1219cc76d13825e060c4c7eb133a430abe2d5f7e
URL: https://github.com/llvm/llvm-project/commit/1219cc76d13825e060c4c7eb133a430abe2d5f7e DIFF: https://github.com/llvm/llvm-project/commit/1219cc76d13825e060c4c7eb133a430abe2d5f7e.diff LOG: [clang-tidy] Warn on use of std::get_temporary_buffer (#176191) The STL function `std::get_temporary_buffer` was originally designed with the intent of providing a more efficient implementation than the general-purpose operator new, but no such implementation was created and the API was deprecated (in C++17) and removed (in C++20). As this function is difficult to use and provides no advantages, I think (or at least hope) that nobody actually uses it; but given that it was present in the official standard, I think tidy should be able to report its bugprone nature. (It returns uninitialized memory, which can cause subtle bugs, e.g. as in the last code example of the SEI CERT rule EXP54-CPP.) Added: clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.cpp Modified: clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp clang-tools-extra/docs/ReleaseNotes.rst clang-tools-extra/docs/clang-tidy/checks/bugprone/unsafe-functions.rst Removed: ################################################################################ diff --git a/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp b/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp index dc749924fb700..6694356a2be98 100644 --- a/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp +++ b/clang-tools-extra/clang-tidy/bugprone/UnsafeFunctionsCheck.cpp @@ -60,7 +60,8 @@ static StringRef getReplacementFor(StringRef FunctionName, .Cases({"asctime", "asctime_r"}, "strftime") .Case("gets", "fgets") .Case("rewind", "fseek") - .Case("setbuf", "setvbuf"); + .Case("setbuf", "setvbuf") + .Case("get_temporary_buffer", "operator new[]"); } static StringRef getReplacementForAdditional(StringRef FunctionName, @@ -97,6 +98,9 @@ static StringRef getRationaleFor(StringRef FunctionName) { .Cases({"rewind", "setbuf"}, "has no error detection") .Case("vfork", "is insecure as it can lead to denial of service " "situations in the parent process") + .Case("get_temporary_buffer", "returns uninitialized memory without " + "performance advantages, was deprecated in " + "C++17 and removed in C++20") .Default("is not bounds-checking"); } @@ -221,7 +225,8 @@ void UnsafeFunctionsCheck::registerMatchers(MatchFinder *Finder) { // Matching functions with replacements without Annex K. auto FunctionNamesMatcher = - hasAnyName("::asctime", "asctime_r", "::gets", "::rewind", "::setbuf"); + hasAnyName("::asctime", "asctime_r", "::gets", "::rewind", "::setbuf", + "::std::get_temporary_buffer"); Finder->addMatcher( declRefExpr( to(functionDecl(FunctionNamesMatcher).bind(FunctionNamesId))) diff --git a/clang-tools-extra/docs/ReleaseNotes.rst b/clang-tools-extra/docs/ReleaseNotes.rst index 68293fcdfafe2..4a44f3db9ac03 100644 --- a/clang-tools-extra/docs/ReleaseNotes.rst +++ b/clang-tools-extra/docs/ReleaseNotes.rst @@ -103,6 +103,11 @@ New check aliases Changes in existing checks ^^^^^^^^^^^^^^^^^^^^^^^^^^ +- Improved :doc:`bugprone-unsafe-functions + <clang-tidy/checks/bugprone/unsafe-functions>` check by adding the function + ``std::get_temporary_buffer`` to the default list of unsafe functions. (This + function is unsafe, useless, deprecated in C++17 and removed in C++20). + - Improved :doc:`misc-const-correctness <clang-tidy/checks/misc/const-correctness>` check: diff --git a/clang-tools-extra/docs/clang-tidy/checks/bugprone/unsafe-functions.rst b/clang-tools-extra/docs/clang-tidy/checks/bugprone/unsafe-functions.rst index aaf7aaff4a05c..4f5f8b39ed406 100644 --- a/clang-tools-extra/docs/clang-tidy/checks/bugprone/unsafe-functions.rst +++ b/clang-tools-extra/docs/clang-tidy/checks/bugprone/unsafe-functions.rst @@ -48,6 +48,8 @@ availability: - ``rewind``, suggested replacement: ``fseek`` - ``setbuf``, suggested replacement: ``setvbuf`` + - ``std::get_temporary_buffer``, suggested replacement: "plain" allocation + with ``operator new[]`` If :option:`ReportMoreUnsafeFunctions` is enabled, the following functions are also checked: diff --git a/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.cpp b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.cpp new file mode 100644 index 0000000000000..1ff04ed002a92 --- /dev/null +++ b/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.cpp @@ -0,0 +1,20 @@ +// RUN: %check_clang_tidy -std=c++11-or-later %s bugprone-unsafe-functions %t -- + +namespace std { +template <class T1, class T2> +struct pair { + T1 first; + T2 second; +}; + +using ptr diff _t = long long; + +template<class T> +std::pair<T*, std::ptr diff _t> + get_temporary_buffer(std::ptr diff _t count) noexcept; +} + +void test() { + (void)std::get_temporary_buffer<int>(64); + // CHECK-MESSAGES: :[[@LINE-1]]:9: warning: function 'get_temporary_buffer<int>' returns uninitialized memory without performance advantages, was deprecated in C++17 and removed in C++20; 'operator new[]' should be used instead +} _______________________________________________ cfe-commits mailing list [email protected] https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
