Identify two more unsafe uses of getCustomDiagID()

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@200126 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/ARCMigrate/ObjCMT.cpp b/lib/ARCMigrate/ObjCMT.cpp
index af88cb6bc1f879523ef52de0139d048b8cb80af7..39370b9823433d29dd1813c8430a4a797101fa92 100644 (file)
--- a/lib/ARCMigrate/ObjCMT.cpp
+++ b/lib/ARCMigrate/ObjCMT.cpp
@@ -1845,6 +1845,8 @@ void ObjCMigrateASTConsumer::HandleTranslationUnit(ASTContext &Ctx) {
    std::string Error;
    llvm::raw_fd_ostream OS(MigrateDir.c_str(), Error, llvm::sys::fs::F_Binary);
     if (!Error.empty()) {
+      // FIXME: It's not safe to pass arbitrary user-generated strings into
+      // getCustomDiagID(). Use a constant diagnostic ID instead.
       unsigned ID = Ctx.getDiagnostics().getDiagnosticIDs()->
           getCustomDiagID(DiagnosticIDs::Error, Error);
       Ctx.getDiagnostics().Report(ID);
@@ -2061,6 +2063,8 @@ private:
 
 static bool reportDiag(const Twine &Err, DiagnosticsEngine &Diag) {
   SmallString<128> Buf;
+  // FIXME: It's not safe to pass arbitrary user-generated strings into
+  // getCustomDiagID(). Use a constant diagnostic ID instead.
   unsigned ID = Diag.getDiagnosticIDs()->getCustomDiagID(DiagnosticIDs::Error,
                                                          Err.toStringRef(Buf));
   Diag.Report(ID);