Today I came across the exact same bug as described in this SO post: https://stackoverflow.com/questions/1283354/is-sprintfbuffer-s-buffer-safe
sprintf(buffer, "%s", buffer) has undefined behavior. And as it turns out, this code fails on the new platform where I'm porting this legacy code, while it was working on the old platform.
Unless I missed something, it looks like there is no clang-tidy check, nor anything implemented for UB sanitizer.
Is there any reason for this? Did someone try to work on this in the past?
If not, but if you think this could be of interest, I can try to write a patch for this.
What do you think would be the best place to have such a check?
I feel like UB sanitizer would catch more errors than a static analyzer, which will have a hard time catching more complex cases, e.g. when two variables point to the same address.
Still, it might be useful to have basic checks for clang-tidy to catch obvious cases.
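
To illustrate the runtime side of the question, here is an added example (not from the original post, and not clang-tidy or UBSan code) of the overlap test such a check would perform before formatting. The names ranges_overlap, checked_append_fmt and append_in_place are hypothetical; the point is that the aliased case, which a purely syntactic check would miss, is caught the same way as the obvious one.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if [a, a+alen) and [b, b+blen) share at least one byte.
   Addresses are compared as integers because relational operators on
   pointers into different objects are not defined by the C standard. */
static int ranges_overlap(const void *a, size_t alen, const void *b, size_t blen)
{
    uintptr_t pa = (uintptr_t)a, pb = (uintptr_t)b;
    return pa < pb + blen && pb < pa + alen;
}

/* Hypothetical wrapper: formats "<src><suffix>" into dst, but refuses
   (returns -1, dst untouched) when either string lies inside dst. */
int checked_append_fmt(char *dst, size_t dstsz, const char *src, const char *suffix)
{
    if (ranges_overlap(dst, dstsz, src, strlen(src) + 1) ||
        ranges_overlap(dst, dstsz, suffix, strlen(suffix) + 1))
        return -1;  /* copying between overlapping objects is undefined */
    return snprintf(dst, dstsz, "%s%s", src, suffix);
}

/* Defined alternative for the "append to buffer" intent: write after the
   existing contents instead of re-reading them through %s.
   Assumes suffix does not point into buf. */
int append_in_place(char *buf, size_t bufsz, const char *suffix)
{
    size_t used = strlen(buf);
    if (used >= bufsz)
        return -1;
    return snprintf(buf + used, bufsz - used, "%s", suffix);
}

int main(void)
{
    char buffer[32] = "abc";    /* constructed sample data */
    char *alias = buffer + 1;   /* aliasing that is not syntactically obvious */
    char other[] = "xyz";

    printf("same pointer: %d\n", checked_append_fmt(buffer, sizeof buffer, buffer, "!"));
    printf("alias:        %d\n", checked_append_fmt(buffer, sizeof buffer, alias, "!"));
    printf("distinct:     %d\n", checked_append_fmt(buffer, sizeof buffer, other, "!"));
    printf("in place:     %d\n", append_in_place(buffer, sizeof buffer, "def"));
    printf("result:       %s\n", buffer);
    return 0;
}
```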