following hold:
(1) A vprintf-like function is called that takes the argument list via a
via_list argument.
(2) The format string is a non-literal that is the parameter value of
the enclosing function, e.g:
void logmessage(const char *fmt,...) {
va_list ap;
va_start(ap,fmt);
fprintf(fmt,ap); // Do not emit a warning.
}
In the future this special case will be enhanced to consult the "format"
attribute attached to a function declaration instead of just allowing a blank
check for all function parameters to be used as format strings to vprintf-like
functions. This will happen when more support for attributes becomes
available.
llvm-svn: 45114
printf format strings. Added type checking to see if the matching
width/precision argument was of type 'int'.
Thanks to Anders Carlsson for reporting this missing feature.
llvm-svn: 42933
using "-parse-ast -verify".
Updated all test cases (using a sed script) that invoked -parse-ast-check to
now use -parse-ast -verify.
Fixed a bug where using "-verify" instead of "-parse-ast-check" would not
correctly create the DiagClient needed to accumulate diagnostics.
llvm-svn: 42365
family of functions. Previous functionality only included checking to
see if the format string was a string literal. Now we check parse the
format string (if it is a literal) and perform the following checks:
(1) Warn if: number conversions (e.g. "%d") != number data arguments.
(2) Warn about missing format strings (e.g., "printf()").
(3) Warn if the format string is not a string literal.
(4) Warn about the use se of '%n' conversion. This conversion is
discouraged for security reasons.
(5) Warn about malformed conversions. For example '%;', '%v'; these
are not valid.
(6) Warn about empty format strings; e.g. printf(""). Although these
can be optimized away by the compiler, they can be indicative of
broken programmer logic. We may need to add additional support to
see when such cases occur within macro expansion to avoid false
positives.
(7) Warn if the string literal is wide; e.g. L"%d".
(8) Warn if we detect a '\0' character WITHIN the format string.
Test cases are included.
llvm-svn: 41076
"I've coded up some support in clang to flag warnings for non-constant format strings used in calls to printf-like functions (all the functions listed in "man fprintf"). Non-constant format strings are a source of many security exploits in C/C++ programs, and I believe are currently detected by gcc using the flag -Wformat-nonliteral."
llvm-svn: 41003
Ted Kremenek