https://github.com/5chmidti requested changes to this pull request.

There are some false-negatives that exist for this check:

E.g.,

```c++
#include <cstdio>

// from tests; the source and destination arguments deliberately name the same row
char bufss[10][10][10];
sprintf(bufss[0][1], "%s", bufss[0][1]);
```

or `*( *(bufss + 0) + 1)`. Though these can border on requiring, e.g., symbolic
execution due to the potential complexity, and there is IMO no need to support
expressions that are arbitrarily complex, but two levels of pointer
indirection sounds like a solid basis to me. (The note on complexity also
applies to the other points.)

Also, `obj.bufs[1]`.

The check is also only considering subscript operators that are using integer
literals as offsets, and not expressions that evaluate to a constant at compile
time (`1+1`), or plain variables. If the expression inside `[]` has no side
effects, they will be the same and the access is overlapping: `sprintf(bufs[n],
"%s", bufs[n])`.

WDYT? It would be nice to have some of those cases detectable.

https://github.com/llvm/llvm-project/pull/114244
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
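As an added illustration (not the PR's check, which works on the clang AST), here is a textual approximation in Python of the structural destination-vs-source comparison the comment asks for, run over constructed `sprintf` calls covering the cases listed above; the sample calls and the `DEREF`/`SUBSCRIPT`/`IMPURE` patterns are my own assumptions about what such a comparison needs.

```python
import ast
import operator
import re

# Constructed sample calls (mine, not from the PR's test suite), paired with the
# verdict a structural destination-vs-source comparison should reach.
SAMPLES = [
    ('sprintf(bufss[0][1], "%s", bufss[0][1])', True),
    ('sprintf(*( *(bufss + 0) + 1), "%s", bufss[0][1])', True),
    ('sprintf(obj.bufs[1], "%s", obj.bufs[1])', True),
    ('sprintf(bufs[1+1], "%s", bufs[2])', True),
    ('sprintf(bufs[n], "%s", bufs[n])', True),
    ('sprintf(bufs[i++], "%s", bufs[i++])', False),  # side effects: not the same row
    ('sprintf(bufs[0], "%s, %s", bufs[1], bufs[2])', False),
]
DEREF = re.compile(r"\*\(([\w.\[\]]+)\+(\d+)\)")       # *(p+k), after whitespace removal
SUBSCRIPT = re.compile(r"\[([0-9+\-*() ]+)\]")          # subscripts made of int literals
IMPURE = re.compile(r"\+\+|--|(?<![=!<>])=(?!=)|\w\(")  # ++, --, assignment, call
OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul}

def split_args(call):
    """Split a call's argument list on top-level commas, ignoring commas in strings."""
    inner = call[call.index("(") + 1:call.rindex(")")]
    args, cur, depth, in_str = [], "", 0, False
    for ch in inner:
        if ch == '"':
            in_str = not in_str
        elif not in_str:
            if ch in "([":
                depth += 1
            elif ch in ")]":
                depth -= 1
            elif ch == "," and depth == 0:
                args.append(cur.strip()); cur = ""; continue
        cur += ch
    return args + [cur.strip()]

def fold(expr):
    """Evaluate an integer-literal expression such as 1+1; leave anything else as is."""
    def ev(n):
        if isinstance(n, ast.Constant) and isinstance(n.value, int):
            return n.value
        if isinstance(n, ast.BinOp) and type(n.op) in OPS:
            return OPS[type(n.op)](ev(n.left), ev(n.right))
        raise ValueError(expr)
    try:
        return str(ev(ast.parse(expr, mode="eval").body))
    except (ValueError, SyntaxError):
        return expr

def canonical(expr):
    """Normalise: drop whitespace, rewrite *(p+k) as p[k], fold constant subscripts."""
    expr = re.sub(r"\s+", "", expr)
    while (new := DEREF.sub(r"\1[\2]", expr)) != expr:
        expr = new
    return SUBSCRIPT.sub(lambda m: "[" + fold(m.group(1)) + "]", expr)

def overlaps(call):
    """True when a side-effect-free source argument names the destination object."""
    dest, _fmt, *sources = split_args(call)
    if IMPURE.search(dest):
        return False  # with side effects the two evaluations need not agree
    target = canonical(dest)
    return any(not IMPURE.search(s) and canonical(s) == target for s in sources)
```

Only the first two levels of `*(p+k)` nesting matter for the comment's cases, but the rewrite loop handles any depth.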