ccotter wrote:

> 1. How common is this bug?

In one of our internal codebases, a sample of about 1500 files found just over 2% of the files had this bug. As we migrated platforms/standard libraries, the behavior which was previously correct (by chance) changed to be incorrect.

> 2. What happens in practice at runtime?

In practice, the formatted string can be incorrect (but no crash, etc.). One example is https://godbolt.org/z/3GdnPrsYj

```c
#include <stdio.h>

int main(void) {
    char buf[10];
    sprintf(buf, "%s", "12");
    sprintf(buf, "%s%s", "34", buf); /* destination also passed as a source: undefined behavior */
    printf("/%s/\n", buf);           /* 3434 */
    return 0;
}
```

> 3. What are existing ways of detecting this, if any?

None to my knowledge. After finding a couple of occurrences of this bug internally, I realized clang-query/clang-tidy could easily catch this.

https://github.com/llvm/llvm-project/pull/114244

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
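The overlapping-argument pattern discussed above beside a hardened form, as an added example that is not part of ccotter's message or of the llvm-project pull request. The function names `prepend_buggy` and `prepend_safe` and the `LINE_CAP` bound are assumptions made here for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed upper bound on the caller's buffer so the scratch copy can live on
 * the stack without a VLA (illustrative constant, not from the PR). */
#define LINE_CAP 64

/* The pattern the clang-tidy check is meant to flag: the destination of
 * sprintf also appears as a source argument. C11 7.21.6.6p2 makes copying
 * between overlapping objects undefined, so the result depends on the libc.
 * The thread observed "3434" for buf == "12", prefix == "34": the library
 * wrote the prefix first and then read the already clobbered buffer back. */
void prepend_buggy(char *buf, const char *prefix) {
    sprintf(buf, "%s%s", prefix, buf);
}

/* Hardened form: format into a separate scratch buffer so no source argument
 * overlaps the destination, bound the write with snprintf, and commit the
 * result to buf only when it fits. Returns the new length, or -1 when the
 * result would be truncated or cap exceeds LINE_CAP; buf is left unchanged
 * on failure. */
int prepend_safe(char *buf, size_t cap, const char *prefix) {
    char tmp[LINE_CAP];
    if (cap == 0 || cap > sizeof tmp) {
        return -1;
    }
    int n = snprintf(tmp, cap, "%s%s", prefix, buf);
    if (n < 0 || (size_t)n >= cap) {
        return -1;                      /* would not fit, NUL included */
    }
    memcpy(buf, tmp, (size_t)n + 1);    /* tmp and buf never overlap */
    return n;
}

int main(void) {
    char a[10] = "12";
    prepend_buggy(a, "34");
    printf("buggy : /%s/ (libc dependent; \"3434\" was observed in the thread)\n", a);

    char b[10] = "12";
    int n = prepend_safe(b, sizeof b, "34");
    printf("safe  : /%s/ len=%d\n", b, n);   /* /3412/ len=4 */

    char c[4] = "12";
    n = prepend_safe(c, sizeof c, "34");
    printf("small : /%s/ rc=%d\n", c, n);    /* /12/ rc=-1, buffer untouched */
    return 0;
}
```

The static check catches the syntactic case where the same variable is passed as both destination and source; the scratch-buffer form above removes the aliasing entirely, so it stays correct even when a source pointer is derived from the destination (for example `buf + 1`), which a purely syntactic matcher would not see.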