C++: exclude printf implementation internals from uncontrolled format string sinks #21493
Open
MarkLee131 wants to merge 4 commits into github:main from
Conversation
Contributor
Pull request overview
This PR updates the C++ cpp/tainted-format-string query to reduce false positives that occur inside implementations of printf-like functions (and their wrappers), by excluding certain internal format-string sinks while preserving reporting at the outermost call sites.
Changes:
- Introduces a helper predicate to identify printf-like functions and wrapper functions forwarding format strings.
- Narrows the sink definition to exclude sinks occurring inside those identified functions.
geoffw0
reviewed
Mar 17, 2026
Contributor
geoffw0
left a comment
@MarkLee131 thank you for your contribution! I'm going to start some CI and probably try this out locally.
Comment on lines +26 to +36

```ql
/**
 * Holds if `f` is a printf-like function or a (possibly nested) wrapper
 * that forwards a format-string parameter to one.
 *
 * Functions that *implement* printf-like behaviour (e.g. a custom
 * `vsnprintf` variant) internally parse the caller-supplied format string
 * and build small, bounded, local format strings such as `"%d"` or `"%ld"`
 * for inner `sprintf` calls. Taint that reaches those inner calls via the
 * parsed format specifier is not exploitable, so sinks inside such
 * functions should be excluded.
 */
```
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Author
Hi @geoffw0, I have resolved the issues mentioned above. Could you please review this PR again? thanks~
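To make the pattern the predicate's doc comment describes concrete, here is an added C example (not code from the PR or the CodeQL repository) of a tiny printf-like implementation plus a forwarding wrapper. The function names `mini_vformat` and `mini_snprintf` are hypothetical; the point is that the inner `snprintf` only ever receives a local two-character format built from a whitelisted specifier, whereas a call such as `mini_snprintf(buf, n, user_input)` at an outermost site is still the real uncontrolled-format-string sink.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-like *implementation* (supports %d, %s and %%).
 * `fmt` may be attacker-controlled, but the inner snprintf below only
 * ever sees `spec`, a bounded local string such as "%d" or "%s".
 * Returns the length the full output would have (like snprintf), or -1
 * on an unsupported specifier; output is truncated to fit `outsz`. */
int mini_vformat(char *out, size_t outsz, const char *fmt, va_list ap) {
    size_t pos = 0;
    char spec[3] = { '%', 0, 0 };   /* bounded local format string */
    for (const char *p = fmt; *p != '\0'; p++) {
        char c = *p;
        if (c == '%') {
            c = *++p;
            if (c == '\0') return -1;           /* dangling '%' */
            if (c != '%') {
                if (c != 'd' && c != 's') return -1;   /* whitelist only */
                spec[1] = c;                     /* "%d" or "%s", nothing else */
                char *dst = pos < outsz ? out + pos : NULL;
                size_t rem = pos < outsz ? outsz - pos : 0;
                int n = (c == 'd') ? snprintf(dst, rem, spec, va_arg(ap, int))
                                   : snprintf(dst, rem, spec, va_arg(ap, const char *));
                if (n < 0) return -1;
                pos += (size_t)n;
                continue;
            }
            /* "%%" falls through and is written as a literal '%' */
        }
        if (pos + 1 < outsz) out[pos] = c;      /* keep room for the NUL */
        pos++;
    }
    if (outsz > 0) out[pos < outsz ? pos : outsz - 1] = '\0';
    return (int)pos;
}

/* Hypothetical *wrapper* that forwards its format-string parameter.
 * Both this function and mini_vformat are what the PR's predicate
 * identifies; the sink to report is the outermost caller's call site. */
int mini_snprintf(char *out, size_t outsz, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int n = mini_vformat(out, outsz, fmt, ap);
    va_end(ap);
    return n;
}
```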
Fix #21492
printf(tainted_str), smsg(tainted_fmt, ...)) remain flagged