From 78a1b196cc6854a29c0ff2d6ea5f5643be6040c6 Mon Sep 17 00:00:00 2001 From: Matt Beaumont-Gay Date: Mon, 30 Jul 2012 20:21:58 +0000 Subject: [PATCH] Do not warn on correct use of the '%n' format specifier. While '%n' can be used for evil in an attacker-controlled format string, there isn't any acute danger in using it in a literal format string with an argument of the appropriate type. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160984 91177308-0d34-0410-b5e6-96231b3b80d8 --- include/clang/Basic/DiagnosticSemaKinds.td | 3 --- lib/Sema/SemaChecking.cpp | 9 --------- test/Sema/format-strings.c | 21 ++++++--------------- 3 files changed, 6 insertions(+), 27 deletions(-) diff --git a/include/clang/Basic/DiagnosticSemaKinds.td b/include/clang/Basic/DiagnosticSemaKinds.td index eb8fcbba3e..a58f901cc3 100644 --- a/include/clang/Basic/DiagnosticSemaKinds.td +++ b/include/clang/Basic/DiagnosticSemaKinds.td @@ -5327,9 +5327,6 @@ def warn_array_index_exceeds_bounds : Warning< def note_array_index_out_of_bounds : Note< "array %0 declared here">; -def warn_printf_write_back : Warning< - "use of '%%n' in format string discouraged (potentially insecure)">, - InGroup; def warn_printf_insufficient_data_args : Warning< "more '%%' conversions than data arguments">, InGroup; def warn_printf_data_arg_not_used : Warning< diff --git a/lib/Sema/SemaChecking.cpp b/lib/Sema/SemaChecking.cpp index 200b9439a6..dce912c477 100644 --- a/lib/Sema/SemaChecking.cpp +++ b/lib/Sema/SemaChecking.cpp 
@@ -2561,15 +2561,6 @@ CheckPrintfHandler::HandlePrintfSpecifier(const analyze_printf::PrintfSpecifier HandleNonStandardConversionSpecification(LM, CS, startSpecifier, specifierLen); - // Are we using '%n'? - if (CS.getKind() == ConversionSpecifier::nArg) { - // Issue a warning about this being a possible security issue. - EmitFormatDiagnostic(S.PDiag(diag::warn_printf_write_back), - getLocationOfByte(CS.getStart()), - /*IsStringLocation*/true, - getSpecifierRange(startSpecifier, specifierLen)); - } - // The remaining checks depend on the data arguments. if (HasVAListArg) return true; diff --git a/test/Sema/format-strings.c b/test/Sema/format-strings.c index 9da5f9b6c7..d35125833c 100644 --- a/test/Sema/format-strings.c +++ b/test/Sema/format-strings.c @@ -88,10 +88,8 @@ void check_writeback_specifier() { int x; char *b; - - printf("%n",&x); // expected-warning {{'%n' in format string discouraged}} - sprintf(b,"%d%%%n",1, &x); // expected-warning {{'%n' in format string dis}} - printf("%n",b); // expected-warning {{'%n' in format string discouraged}} expected-warning{{format specifies type 'int *' but the argument has type 'char *'}} + printf("%n", b); // expected-warning{{format specifies type 'int *' but the argument has type 'char *'}} + printf("%n", &x); // no-warning } void check_invalid_specifier(FILE* fp, char *buf) @@ -168,7 +166,6 @@ void test9(char *P) { int x; printf(P); // expected-warning {{format string is not a string literal (potentially insecure)}} printf(P, 42); - printf("%n", &x); // expected-warning {{use of '%n' in format string discouraged }} } void torture(va_list v8) { 
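Review bot: In test/Sema/format-strings.c, the rewritten `check_writeback_specifier` (its opening line appears only in the hunk header) drops the `sprintf(b,"%d%%%n",1, &x);` case instead of converting it, so nothing pins that a `%n` following an escaped `%%` is still recognised and type-checked without a warning. I would keep it as `sprintf(b, "%d%%%n", 1, &x); // no-warning`. The same applies to the `pr9751` hunk, where the `kFormat3` const-array case is deleted outright; keeping `printf(kFormat3, (int*)NULL); // no-warning` would document that the relaxation also covers a constant array format string, not only a literal at the call site. Separately, because `warn_printf_write_back` is deleted rather than demoted to an off-by-default warning, projects that ban `%n` by policy lose this compile-time signal; it may be worth stating in the commit message that this is intended.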
@@ -186,7 +183,6 @@ void test10(int x, float f, int i, long long lli) { printf("%*d\n", f, x); // expected-warning{{field width should have type 'int', but argument has type 'double'}} printf("%*.*d\n", x, f, x); // expected-warning{{field precision should have type 'int', but argument has type 'double'}} printf("%**\n"); // expected-warning{{invalid conversion specifier '*'}} - printf("%n", &i); // expected-warning{{use of '%n' in format string discouraged (potentially insecure)}} printf("%d%d\n", x); // expected-warning{{more '%' conversions than data arguments}} printf("%d\n", x, x); // expected-warning{{data argument not used by format string}} printf("%W%d%Z\n", x, x, x); // expected-warning{{invalid conversion specifier 'W'}} expected-warning{{invalid conversion specifier 'Z'}} 
@@ -317,14 +313,14 @@ void bug7377_bad_length_mod_usage() { // Bad flag usage printf("%#p", (void *) 0); // expected-warning{{flag '#' results in undefined behavior with 'p' conversion specifier}} printf("%0d", -1); // no-warning - printf("%#n", (int *) 0); // expected-warning{{flag '#' results in undefined behavior with 'n' conversion specifier}} expected-warning{{use of '%n' in format string discouraged (potentially insecure)}} - printf("%-n", (int *) 0); // expected-warning{{flag '-' results in undefined behavior with 'n' conversion specifier}} expected-warning{{use of '%n' in format string discouraged (potentially insecure)}} + printf("%#n", (int *) 0); // expected-warning{{flag '#' results in undefined behavior with 'n' conversion specifier}} + printf("%-n", (int *) 0); // expected-warning{{flag '-' results in undefined behavior with 'n' conversion specifier}} printf("%-p", (void *) 0); // no-warning // Bad optional amount use printf("%.2c", 'a'); // expected-warning{{precision used with 'c' conversion specifier, resulting in undefined behavior}} - printf("%1n", (int *) 0); // expected-warning{{field width used with 'n' conversion specifier, resulting in undefined behavior}} expected-warning{{use of '%n' in format string discouraged (potentially insecure)}} - printf("%.9n", (int *) 0); // expected-warning{{precision used with 'n' conversion specifier, resulting in undefined behavior}} expected-warning{{use of '%n' in format string discouraged (potentially insecure)}} + printf("%1n", (int *) 0); // expected-warning{{field width used with 'n' conversion specifier, resulting in undefined behavior}} + printf("%.9n", (int *) 0); // expected-warning{{precision used with 'n' conversion specifier, resulting in undefined behavior}} // Ignored flags printf("% +f", 1.23); // expected-warning{{flag ' ' is ignored when flag '+' is present}} 
@@ -436,11 +432,6 @@ void pr9751() { printf(kFormat2, 1, "foo"); // expected-warning{{data argument position '18' exceeds the number of data arguments (2)}} printf("%18$s\n", 1, "foo"); // expected-warning{{data argument position '18' exceeds the number of data arguments (2)}} - const char kFormat3[] = "%n"; // expected-note{{format string is defined here}} - printf(kFormat3, (int*)NULL); // expected-warning{{use of '%n' in format string discouraged}} - printf("%n", (int*)NULL); // expected-warning{{use of '%n' in format string discouraged}} - - const char kFormat4[] = "%y"; // expected-note{{format string is defined here}} printf(kFormat4, 5); // expected-warning{{invalid conversion specifier 'y'}} printf("%y", 5); // expected-warning{{invalid conversion specifier 'y'}} -- 2.40.0