[-Wunsafe-buffer-usage] Relax passing to __counted_by_or_null() #11170
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
patrykstefanski
requested review from
delcypher,
hnrklssn,
rapidsna and
ziqingluo-90
patrykstefanski
added
the
clang:bounds-safety
hnrklssn
reviewed
Aug 14, 2025
clang/test/SemaCXX/warn-unsafe-buffer-usage-count-attributed-pointer-argument.cpp
Outdated
Show resolved
Hide resolved
patrykstefanski
force-pushed
the
eng/pstefanski/PR-156006635
branch
from
1c9cc8d to
f2adef0
Compare
hnrklssn
reviewed
Aug 15, 2025
clang/test/SemaCXX/warn-unsafe-buffer-usage-count-attributed-pointer-argument.cpp
Outdated
Show resolved
Hide resolved
patrykstefanski
force-pushed
the
eng/pstefanski/PR-156006635
branch
from
f2adef0 to
eee3ae8
Compare
|
|
||
| sbn_void(sb, n); | ||
| sbn_void(sbn, n); | ||
| } |
There was a problem hiding this comment.
Can we add more tests:
- unsafe cases of
cbn_intandsun_void; - passing
__counted/sized_by_or_nullpointers tostd::span - passing
__counted/sized_by_or_nullpointers to the 1st and 2nd parameters ofsnprintffunctions
Author
There was a problem hiding this comment.
- unsafe cases of
cbn_intandsun_void;
Added.
- passing
__counted/sized_by_or_nullpointers tostd::span
Added and those can be imho allowed, since std::span constructor checks for size being 0 if the pointer is nullptr.
- passing
__counted/sized_by_or_nullpointers to the 1st and 2nd parameters ofsnprintffunctions
Added a few tests for snprintf and friends if they are annotated. For the unannotated snprintf, right now passing __counted_by_or_null() is allowed, but probably shouldn't. WDYT? In any case, we could fix this in another PR.
There was a problem hiding this comment.
According to cppreference snprintf, it is ok to pass nullptr to snprintf as long as size is 0. So we are good.
Relax restrictions when passing to __counted_by_or_null()/__sized_by_or_null() parameters: - Allow the dependent count var to be anything. - Allow passing from non-null variant to *_or_null(), but do warn for passing *_or_null() to non-null variant. rdar://156006635
patrykstefanski
force-pushed
the
eng/pstefanski/PR-156006635
branch
from
eee3ae8 to
dd57b56
Compare
Author
|
@swift-ci test llvm |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Relax restrictions when passing to
__counted_by_or_null()/__sized_by_or_null() parameters:
rdar://156006635