Create bugprone-printf-array check

Description

void f()
{
  char buff[80];
  sprintf(buff, "Hello, %s!\n", "world");
}

void f()
{
  char buff[80];
  snprintf(buff, sizeof(buff), "Hello, %s!\n", "world");
}

Contributor guide

Tech stack

cpp

Domain

toolingdeveloper experience

Issue type

feature

DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.

3

Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.

1-2 days

Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.

fresh

ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.

clear

Prerequisites

C programmingclang tidy frameworkAST matchers

Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.

45

Research direction

First, examine existing clang tidy checks in the llvm project repository under clang tools extra/clang tidy/ to understand the structure (e.g., check class, register check, add documentation). The new check should be placed in the bugprone module. Use AST matchers to find calls to sprintf where the first argument is a fixed size char array (use arrayType() and hasType() matchers). Then emit a diagnostic recommending snprintf with sizeof. Look at similar checks like bugprone sprintf return value for reference. No linked PRs or maintainer questions are present, so the implementation is open. Test cases should be added under clang tools extra/test/clang tidy/.