From: Chris Lattner Date: Wed, 29 Apr 2009 04:59:47 +0000 (+0000) Subject: implement -Wformat-security properly, which is enabled by default. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=655f141f4d4c92eeebcc880211313e84c0a8b2f2;p=clang implement -Wformat-security properly, which is enabled by default. This enables one specific class of non-literal format warnings. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70368 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/include/clang/Basic/DiagnosticGroups.td b/include/clang/Basic/DiagnosticGroups.td
index e0d33e2d24..be35943a12 100644
--- a/include/clang/Basic/DiagnosticGroups.td
+++ b/include/clang/Basic/DiagnosticGroups.td
@@ -35,8 +35,8 @@ def ExtraTokens : DiagGroup<"extra-tokens">;
 def FormatExtraArgs : DiagGroup<"format-extra-args">;
 def Format : DiagGroup<"format", [FormatExtraArgs]>;
-def FormatNonLiteral : DiagGroup<"format-nonliteral", [Format]>;
 def FormatSecurity : DiagGroup<"format-security", [Format]>;
+def FormatNonLiteral : DiagGroup<"format-nonliteral", [FormatSecurity]>;
 def FormatY2K : DiagGroup<"format-y2k", [Format]>;
 def Format2 : DiagGroup<"format=2", [FormatNonLiteral, FormatSecurity, FormatY2K]>;
diff --git a/include/clang/Basic/DiagnosticSemaKinds.td b/include/clang/Basic/DiagnosticSemaKinds.td
index 536fd01d91..6fcdff96e0 100644
--- a/include/clang/Basic/DiagnosticSemaKinds.td
+++ b/include/clang/Basic/DiagnosticSemaKinds.td
@@ -1057,8 +1057,11 @@ def err_builtin_direct_init_more_than_one_arg : Error<
 "initializer of a builtin type can only take one argument">;
 def err_value_init_for_array_type : Error<
 "array types cannot be value-initialized">;
-def warn_printf_not_string_constant : Warning<
+def warn_printf_nonliteral_noargs : Warning<
 "format string is not a string literal (potentially insecure)">,
+ InGroup;
+def warn_printf_nonliteral : Warning<
+ "format string is not a string literal">,
 InGroup, DefaultIgnore;
 def err_unexpected_interface : Error<
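Review bot: In the DiagnosticGroups.td hunk, nesting `FormatSecurity` inside `FormatNonLiteral` deserves a comment, because a setting applied to -Wformat-nonliteral presumably now reaches the security warning as well. The test added later in this commit re-enables -Wformat-security immediately after ignoring -Wformat-nonliteral, which suggests that disabling the outer group does silence the inner one. Something like `// FormatNonLiteral contains FormatSecurity: turning the former off also turns the latter off unless it is re-enabled afterwards.` above the definition would spare users that surprise. `Format2` still lists `FormatSecurity` explicitly, which is now redundant with `FormatNonLiteral` but harmless.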
diff --git a/lib/Sema/SemaChecking.cpp b/lib/Sema/SemaChecking.cpp
index d355ba4e99..3e46300b60 100644
--- a/lib/Sema/SemaChecking.cpp
+++ b/lib/Sema/SemaChecking.cpp
@@ -604,9 +604,16 @@ Sema::CheckPrintfArguments(const CallExpr *TheCall, bool HasVAListArg,
 if (isa(DR->getDecl()))
 return;
- Diag(TheCall->getArg(format_idx)->getLocStart(),
- diag::warn_printf_not_string_constant)
- << OrigFormatExpr->getSourceRange();
+ // If there are no arguments specified, warn with -Wformat-security, otherwise
+ // warn only with -Wformat-nonliteral.
+ if (TheCall->getNumArgs() == format_idx+1)
+ Diag(TheCall->getArg(format_idx)->getLocStart(),
+ diag::warn_printf_nonliteral_noargs)
+ << OrigFormatExpr->getSourceRange();
+ else
+ Diag(TheCall->getArg(format_idx)->getLocStart(),
+ diag::warn_printf_nonliteral)
+ << OrigFormatExpr->getSourceRange();
 }
 void Sema::CheckPrintfString(const StringLiteral *FExpr,
diff --git a/test/Sema/format-strings.c b/test/Sema/format-strings.c
index c7392c1f0c..50903b0cf8 100644
--- a/test/Sema/format-strings.c
+++ b/test/Sema/format-strings.c
@@ -113,3 +113,15 @@ void test_constant_bindings(void) {
 printf(s4); // expected-warning{{not a string literal}}
 printf(s5); // expected-warning{{not a string literal}}
 }
+
+
+// Test what happens when -Wformat-security only.
+#pragma GCC diagnostic ignored "-Wformat-nonliteral"
+#pragma GCC diagnostic warning "-Wformat-security"
+
+void test9(char *P) {
+ int x;
+ printf(P); // expected-warning {{format string is not a string literal (potentially insecure)}}
+ printf(P, 42);
+ printf("%n", &x); // expected-warning {{use of '%n' in format string discouraged }}
+}
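Review bot: The comment on the new branch in CheckPrintfArguments should state what the default-on path leaves uncovered. With `TheCall->getNumArgs() == format_idx+1` as the test, a non-literal format followed by any argument only reaches `warn_printf_nonliteral`, which is DefaultIgnore, so a call like `printf(P, 42)` stays silent unless -Wformat-nonliteral is enabled. The va_list variants presumably always take the else branch too, since the va_list itself counts as an argument; that is worth confirming against HasVAListArg. Suggested addition: `// Calls with trailing arguments (including a va_list) are diagnosed only under -Wformat-nonliteral, which is off by default.` As a style point, the two Diag calls differ only in the diagnostic id and could share one call by selecting the id first; the function starts outside this hunk.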
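Review bot: In test9, `printf(P, 42);` carries no annotation, so a reader has to infer that silence is the expected result under -Wformat-security alone. Marking it, e.g. `printf(P, 42); // no-warning: -Wformat-nonliteral is ignored here`, makes the intent explicit. The case exercises only printf, where the format is the first argument; if fprintf or snprintf go through the same check, a lone non-literal format passed to one of them would cover the `format_idx+1` comparison at a different index. The two pragmas stay in effect for anything appended after test9, so a comment saying this section must remain last in the file would prevent later tests from silently losing -Wformat-nonliteral coverage.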