It appears that technically a null format string is not warned under -Wformat-nonlite...

the function processing the format string can decided whether or not to accept a null format string (e.g., asl_log).  Fixes <rdar://problem/8269537>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@113469 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/Sema/SemaChecking.cpp b/lib/Sema/SemaChecking.cpp
index 6092348004e60658cc53f50771656e42a1946856..1a7bd1d07fc6e8a56773ffaa8e5ede49fb920540 100644 (file)
--- a/lib/Sema/SemaChecking.cpp
+++ b/lib/Sema/SemaChecking.cpp
@@ -955,6 +955,13 @@ bool Sema::SemaCheckStringLiteral(const Expr *E, const CallExpr *TheCall,
                                   format_idx, firstDataArg, isPrintf);
   }
 
+  case Stmt::IntegerLiteralClass:
+    // Technically -Wformat-nonliteral does not warn about this case.
+    // The behavior of printf and friends in this case is implementation
+    // dependent.  Ideally if the format string cannot be null then
+    // it should have a 'nonnull' attribute in the function prototype.
+    return true;
+
   case Stmt::ImplicitCastExprClass: {
     E = cast<ImplicitCastExpr>(E)->getSubExpr();
     goto tryAgain;

diff --git a/test/Sema/format-strings.c b/test/Sema/format-strings.c
index 2325454c0b7535aa43a7b203144236fc2a3c6d40..9e8007b9b02d298cad5c563534e7c800a5e07a30 100644 (file)
--- a/test/Sema/format-strings.c
+++ b/test/Sema/format-strings.c
@@ -301,3 +301,10 @@ void pr7981(wint_t c, wchar_t c2) {
   printf("%lc", c2); // no-warning
 }
 
+// <rdar://problem/8269537> -Wformat-security says NULL is not a string literal
+void r8269537() {
+  // This is likely to crash in most cases, but -Wformat-nonliteral technically
+  // doesn't warn in this case.
+  printf(0); // no-warning
+}
+