Session Type
Technical Talk
Date & Time
Wednesday, October 11, 2023, 5:15 PM - 5:45 PM
Wunsafe-buffer-usage: A Clang warning to adopt a bounds-safe programming mode in C++

Buffer overflows in C++ continue to be a source of security vulnerabilities. In this talk we will describe -Wunsafe-buffer-usage, a new clang compiler warning with associated Fix-Its to help programmers adopt the newly hardened bounds-safe APIs in libc++. Over the past year we have implemented analysis and source-compatible Fix-Its that enable developers to incrementally adopt these APIs for local variables and function parameters. We will share what we have learned about writing complex Fix-Its that preserve program correctness while protecting as much code as possible. We will also describe our vision for adopting in other cases, such as class members, that we see as important future work.

Location Name
Grand Ballroom