While '%n' can be used for evil in an attacker-controlled format string, there
isn't any acute danger in using it in a literal format string with an argument
of the appropriate type.
llvm-svn: 160984
about argument type mismatch.
This gives a nicer diagnostic in cases like
printf(fmt,
i);
where previously the snippet just pointed at 'fmt' (with a note at the
definition of fmt).
It's a wash for cases like
printf("%f",
i);
where previously we snippeted the offending portion of the format string,
but didn't indicate which argument was at fault.
llvm-svn: 156968
For "%hhx", printf expects an unsigned char. This makes Clang
accept a 'char' argument for that also when using -funsigned-char.
This fixes PR12761.
llvm-svn: 156388
Teach ASTContext about WIntType, and have it taken from TargetInfo like WCharType. Should fix test/Sema/format-strings.c for ARM, with the exception of one subtest which will fail if wint_t and wchar_t are the same size and wint_t is signed, wchar_t is unsigned.
There'll be a followup commit to fix that.
Reviewed by Chandler and Hans at http://llvm.org/reviews/r/8
llvm-svn: 156165
This adds the -Wformat-non-standard flag (off by default,
enabled by -pedantic), which warns about non-standard
things in format strings (such as the 'q' length modifier,
the 'S' conversion specifier, etc.)
llvm-svn: 151154
This is in preparation for being able to warn about 'q' and other
non-standard format string features.
It also allows us to print its name correctly.
llvm-svn: 150697
- Remove the printf0 special handling as we treat it as printf anyway.
- Perform basic checks (non-literal, empty) for all formats and not only printf/scanf.
llvm-svn: 149236
string is part of the function call, then there is no difference. If the
format string is not, the warning will point to the call site and a note
will point to where the format string is.
Fix-it hints for strings are moved to the note if a note is emitted. This will
prevent changes to format strings that may be used in multiple places.
llvm-svn: 143168
the function processing the format string can decided whether or not to accept a null format string (e.g., asl_log). Fixes <rdar://problem/8269537>.
llvm-svn: 113469
http://llvm.org/bugs/show_bug.cgi?id=7377
Updated format string highlighting and fixits to take advantage of the new CharSourceRange class.
- Change HighlightRange to allow highlighting whitespace only in a CharSourceRange (for warnings about the ' ' (space) flag)
- Change format specifier range helper function to allow for half-open ranges (+1 to end)
- Enabled previously failing tests (FIXMEs/XFAILs removed)
- Small fixes and additions to format string test cases
M test/Sema/format-strings.c
M test/Sema/format-strings-fixit.c
M lib/Frontend/TextDiagnosticPrinter.cpp
M lib/Sema/SemaChecking.cpp
llvm-svn: 106480
- Added warning for undefined behavior when using field specifier
- Added warning for undefined behavior when using length modifier
- Fixed warnings for invalid flags
- Added warning for ignored flags
- Added fixits for the above warnings
- Fixed accuracy of detecting several undefined behavior conditions
- Receive normal warnings in addition to security warnings when using %n
- Fix bug where '+' flag would remain on unsigned conversion suggestions
Summary of changes:
- Added expanded tests
- Added/expanded warnings
- Added position info to OptionalAmounts for fixits
- Extracted optional flags to a wrapper class with position info for fixits
- Added several methods to validate a FormatSpecifier by component, each checking for undefined behavior
- Fixed conversion specifier checking to conform to C99 standard
- Added hooks to detect the invalid states in CheckPrintfHandler::HandleFormatSpecifier
Note: warnings involving the ' ' (space) flag are temporarily disabled until whitespace highlighting no longer triggers assertions. I will make a post about this on cfe-dev shortly.
M test/Sema/format-strings.c
M include/clang/Basic/DiagnosticSemaKinds.td
M include/clang/Analysis/Analyses/PrintfFormatString.h
M lib/Analysis/PrintfFormatString.cpp
M lib/Sema/SemaChecking.cpp
llvm-svn: 106233
diagnostics. That would be while we're parsing string literals for the
sole purpose of producing a diagnostic about them. Fixes
<rdar://problem/8026030>.
llvm-svn: 104684
method parameter, provide a note pointing at the parameter itself so
the user does not have to manually look for the function/method being
called and match up parameters to arguments. For example, we now get:
t.c:4:5: warning: incompatible pointer types passing 'long *' to
parameter of
type 'int *' [-pedantic]
f(long_ptr);
^~~~~~~~
t.c:1:13: note: passing argument to parameter 'x' here
void f(int *x);
^
llvm-svn: 102038
(1) Do not assume the data arguments start after the format string
(2) Do not use the fact that a function is variadic to treat it like a va_list printf function
Fixes PR 6697.
llvm-svn: 99480
Dmitri Gribenko