From: Hans Wennborg Date: Mon, 30 Jul 2012 17:11:32 +0000 (+0000) Subject: Make -Wformat check the argument type for %n. X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=cec9ce49dcf4b4b768043f96c8ef8c1d4cdbb6b9;p=clang Make -Wformat check the argument type for %n. This makes Clang check that the corresponding argument for "%n" in a format string is a pointer to int. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160966 91177308-0d34-0410-b5e6-96231b3b80d8 --- diff --git a/lib/Analysis/PrintfFormatString.cpp b/lib/Analysis/PrintfFormatString.cpp index 2a9644a353..ed87c92101 100644 --- a/lib/Analysis/PrintfFormatString.cpp +++ b/lib/Analysis/PrintfFormatString.cpp @@ -330,6 +330,8 @@ ArgTypeResult PrintfSpecifier::getArgType(ASTContext &Ctx, return ArgTypeResult(Ctx.WCharTy, "wchar_t"); case ConversionSpecifier::pArg: return ArgTypeResult::CPointerTy; + case ConversionSpecifier::nArg: + return Ctx.getPointerType(Ctx.IntTy); case ConversionSpecifier::ObjCObjArg: return ArgTypeResult::ObjCPointerTy; default: @@ -342,6 +344,10 @@ ArgTypeResult PrintfSpecifier::getArgType(ASTContext &Ctx, bool PrintfSpecifier::fixType(QualType QT, const LangOptions &LangOpt, ASTContext &Ctx, bool IsObjCLiteral) { + // %n is different from other conversion specifiers; don't try to fix it. + if (CS.getKind() == ConversionSpecifier::nArg) + return false; + // Handle Objective-C objects first. Note that while the '%@' specifier will // not warn for structure pointer or void pointer arguments (because that's // how CoreFoundation objects are implemented), we only show a fixit for '%@' diff --git a/lib/Analysis/ScanfFormatString.cpp b/lib/Analysis/ScanfFormatString.cpp index 5c7e6ef8f2..3c848f1f09 100644 --- a/lib/Analysis/ScanfFormatString.cpp +++ b/lib/Analysis/ScanfFormatString.cpp @@ -303,6 +303,9 @@ ScanfArgTypeResult ScanfSpecifier::getArgType(ASTContext &Ctx) const { case ConversionSpecifier::pArg: return ScanfArgTypeResult(ArgTypeResult(ArgTypeResult::CPointerTy)); + case ConversionSpecifier::nArg: + return ArgTypeResult(Ctx.IntTy); + default: break; } @@ -315,6 +318,10 @@ bool ScanfSpecifier::fixType(QualType QT, const LangOptions &LangOpt, if (!QT->isPointerType()) return false; + // %n is different from other conversion specifiers; don't try to fix it. + if (CS.getKind() == ConversionSpecifier::nArg) + return false; + QualType PT = QT->getPointeeType(); // If it's an enum, get its underlying type. diff --git a/lib/Sema/SemaChecking.cpp b/lib/Sema/SemaChecking.cpp index 73f9b01594..200b9439a6 100644 --- a/lib/Sema/SemaChecking.cpp +++ b/lib/Sema/SemaChecking.cpp @@ -2568,8 +2568,6 @@ CheckPrintfHandler::HandlePrintfSpecifier(const analyze_printf::PrintfSpecifier getLocationOfByte(CS.getStart()), /*IsStringLocation*/true, getSpecifierRange(startSpecifier, specifierLen)); - // Continue checking the other format specifiers. - return true; } // The remaining checks depend on the data arguments. diff --git a/test/Sema/format-strings-scanf.c b/test/Sema/format-strings-scanf.c index e94af5acb1..2ce94840a6 100644 --- a/test/Sema/format-strings-scanf.c +++ b/test/Sema/format-strings-scanf.c @@ -121,3 +121,8 @@ void test_quad(int *x, long long *llx) { scanf("%qd", x); // expected-warning{{format specifies type 'long long *' but the argument has type 'int *'}} scanf("%qd", llx); // no-warning } + +void test_writeback(int *x) { + scanf("%n", (void*)0); // expected-warning{{format specifies type 'int *' but the argument has type 'void *'}} + scanf("%n %c", x, x); // expected-warning{{format specifies type 'char *' but the argument has type 'int *'}} +} diff --git a/test/Sema/format-strings.c b/test/Sema/format-strings.c index 5c30849059..9da5f9b6c7 100644 --- a/test/Sema/format-strings.c +++ b/test/Sema/format-strings.c @@ -91,6 +91,7 @@ void check_writeback_specifier() printf("%n",&x); // expected-warning {{'%n' in format string discouraged}} sprintf(b,"%d%%%n",1, &x); // expected-warning {{'%n' in format string dis}} + printf("%n",b); // expected-warning {{'%n' in format string discouraged}} expected-warning{{format specifies type 'int *' but the argument has type 'char *'}} } void check_invalid_specifier(FILE* fp, char *buf) @@ -316,14 +317,14 @@ void bug7377_bad_length_mod_usage() { // Bad flag usage printf("%#p", (void *) 0); // expected-warning{{flag '#' results in undefined behavior with 'p' conversion specifier}} printf("%0d", -1); // no-warning - printf("%#n", (void *) 0); // expected-warning{{flag '#' results in undefined behavior with 'n' conversion specifier}} expected-warning{{use of '%n' in format string discouraged (potentially insecure)}} - printf("%-n", (void *) 0); // expected-warning{{flag '-' results in undefined behavior with 'n' conversion specifier}} expected-warning{{use of '%n' in format string discouraged (potentially insecure)}} + printf("%#n", (int *) 0); // expected-warning{{flag '#' results in undefined behavior with 'n' conversion specifier}} expected-warning{{use of '%n' in format string discouraged (potentially insecure)}} + printf("%-n", (int *) 0); // expected-warning{{flag '-' results in undefined behavior with 'n' conversion specifier}} expected-warning{{use of '%n' in format string discouraged (potentially insecure)}} printf("%-p", (void *) 0); // no-warning // Bad optional amount use printf("%.2c", 'a'); // expected-warning{{precision used with 'c' conversion specifier, resulting in undefined behavior}} - printf("%1n", (void *) 0); // expected-warning{{field width used with 'n' conversion specifier, resulting in undefined behavior}} expected-warning{{use of '%n' in format string discouraged (potentially insecure)}} - printf("%.9n", (void *) 0); // expected-warning{{precision used with 'n' conversion specifier, resulting in undefined behavior}} expected-warning{{use of '%n' in format string discouraged (potentially insecure)}} + printf("%1n", (int *) 0); // expected-warning{{field width used with 'n' conversion specifier, resulting in undefined behavior}} expected-warning{{use of '%n' in format string discouraged (potentially insecure)}} + printf("%.9n", (int *) 0); // expected-warning{{precision used with 'n' conversion specifier, resulting in undefined behavior}} expected-warning{{use of '%n' in format string discouraged (potentially insecure)}} // Ignored flags printf("% +f", 1.23); // expected-warning{{flag ' ' is ignored when flag '+' is present}} @@ -436,8 +437,9 @@ void pr9751() { printf("%18$s\n", 1, "foo"); // expected-warning{{data argument position '18' exceeds the number of data arguments (2)}} const char kFormat3[] = "%n"; // expected-note{{format string is defined here}} - printf(kFormat3, "as"); // expected-warning{{use of '%n' in format string discouraged}} - printf("%n", "as"); // expected-warning{{use of '%n' in format string discouraged}} + printf(kFormat3, (int*)NULL); // expected-warning{{use of '%n' in format string discouraged}} + printf("%n", (int*)NULL); // expected-warning{{use of '%n' in format string discouraged}} + const char kFormat4[] = "%y"; // expected-note{{format string is defined here}} printf(kFormat4, 5); // expected-warning{{invalid conversion specifier 'y'}}