I believe this report can lead to more serious issues in codebases specially because no warnings are given in the docstrings of
get for example.
IMO the following idioms are very common in the community:
(get [1 2 3] 5)
(get [1 2 3] 5 100)
And if the value
5 above is user-provided or a result of some math operation that can go wrong, we will cause hard to find bugs or even security breaches.
This form of Index Overflow errors can cause all sorts of problems, this CVE has some concerns about such cases https://cwe.mitre.org/data/definitions/129.html.
I know this is not exactly the same problem, but I share the views of this entry as applicable to our case here:
"Use of an index that is outside the bounds of an array can also trigger out-of-bounds read or write operations, or operations on the wrong objects; i.e., "buffer overflows" are not always the result. This may result in the exposure or modification of sensitive data."
I would expect to keep the
nil value as answer when accessing an ARRAY using indexes outside its bounds.