From 9c27c6bd260a3e4d531a2ebbcff339c4600da04f Mon Sep 17 00:00:00 2001
From: Benjamin Kramer
Date: Sat, 20 Aug 2016 16:51:33 +0000
Subject: [PATCH] [Sema] Don't crash on scanf on forward-declared enums.

This is valid in GNU C, which allows pointers to incomplete enums. GCC just pretends that the underlying type is 'int' in those cases, follow that behavior.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@279374 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/Analysis/FormatString.cpp | 17 ++++++++++++++---
 lib/Analysis/ScanfFormatString.cpp | 6 +++++-
 test/Sema/format-strings-enum.c | 16 ++++++++++++++++
 3 files changed, 35 insertions(+), 4 deletions(-)

diff --git a/lib/Analysis/FormatString.cpp b/lib/Analysis/FormatString.cpp
index 83d08b5542..0872e788c6 100644
--- a/lib/Analysis/FormatString.cpp
+++ b/lib/Analysis/FormatString.cpp
@@ -310,8 +310,13 @@ ArgType::matchesType(ASTContext &C, QualType argTy) const {
 return Match;
 case AnyCharTy: {
- if (const EnumType *ETy = argTy->getAs())
+ if (const EnumType *ETy = argTy->getAs()) {
+ // If the enum is incomplete we know nothing about the underlying type.
+ // Assume that it's 'int'.
+ if (!ETy->getDecl()->isComplete())
+ return NoMatch;
 argTy = ETy->getDecl()->getIntegerType();
+ }
 if (const BuiltinType *BT = argTy->getAs())
 switch (BT->getKind()) {
@@ -327,8 +332,14 @@ ArgType::matchesType(ASTContext &C, QualType argTy) const {
 }
 case SpecificTy: {
- if (const EnumType *ETy = argTy->getAs())
- argTy = ETy->getDecl()->getIntegerType();
+ if (const EnumType *ETy = argTy->getAs()) {
+ // If the enum is incomplete we know nothing about the underlying type.
+ // Assume that it's 'int'.
+ if (!ETy->getDecl()->isComplete())
+ argTy = C.IntTy;
+ else
+ argTy = ETy->getDecl()->getIntegerType();
+ }
 argTy = C.getCanonicalType(argTy).getUnqualifiedType();
 if (T == argTy)
diff --git a/lib/Analysis/ScanfFormatString.cpp b/lib/Analysis/ScanfFormatString.cpp
index 82b038864c..3b93f1a57f 100644
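Review bot: The comment above `return NoMatch;` in the `AnyCharTy` case says "Assume that it's 'int'", but that branch substitutes no type and simply rejects the match; the wording looks copied from the `SpecificTy` case. A comment that states the actual reasoning would be `// An incomplete enum has no underlying type yet; GCC treats it as 'int', which is never a character type, so report NoMatch.` The early return also keeps `getIntegerType()` from being used on an enum whose definition has not been seen, which appears to be the crash the commit title refers to, so it is worth saying so. `matchesType` starts and ends outside the hunk.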
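Review bot: Substituting `C.IntTy` for an incomplete enum in the `SpecificTy` case makes the checker accept `scanf("%u", fwd)` silently (the new test expects no warning on that line), although the width of the enum is unknown until its definition is seen. If the completed enum has a different size, for instance when built with `-fshort-enums`, scanf could store through a pointer to a smaller object without -Wformat having flagged it. This follows GCC, as the description says, but the comment should record that it is a compatibility choice and not a size guarantee, e.g. `// Mirrors GCC: treat as 'int'. The completed enum may have another width, so a match here does not prove the store is in bounds.` The same `isComplete()` test now appears here, in the `AnyCharTy` case and in `ScanfSpecifier::fixType`; a small shared helper would keep the three in step.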
--- a/lib/Analysis/ScanfFormatString.cpp
+++ b/lib/Analysis/ScanfFormatString.cpp
@@ -418,8 +418,12 @@ bool ScanfSpecifier::fixType(QualType QT, QualType RawQT,
 QualType PT = QT->getPointeeType();
 // If it's an enum, get its underlying type.
- if (const EnumType *ETy = PT->getAs())
+ if (const EnumType *ETy = PT->getAs()) {
+ // Don't try to fix incomplete enums.
+ if (!ETy->getDecl()->isComplete())
+ return false;
 PT = ETy->getDecl()->getIntegerType();
+ }
 const BuiltinType *BT = PT->getAs();
 if (!BT)
diff --git a/test/Sema/format-strings-enum.c b/test/Sema/format-strings-enum.c
index e79f8598ab..ba077a887e 100644
--- a/test/Sema/format-strings-enum.c
+++ b/test/Sema/format-strings-enum.c
@@ -11,6 +11,7 @@
 #endif
 EXTERN_C int printf(const char *,...);
+EXTERN_C int scanf(const char *, ...);
 typedef enum { Constant = 0 } TestEnum;
 // Note that in C, the type of 'Constant' is 'int'. In C++ it is 'TestEnum'.
@@ -34,3 +35,18 @@ void testLong(LongEnum input) {
 printf("%lu", input);
 printf("%lu", LongConstant);
 }
+
+#ifndef __cplusplus
+// GNU C allows forward declaring enums.
+extern enum forward_declared *fwd;
+
+void forward_enum() {
+ printf("%u", fwd); // expected-warning{{format specifies type 'unsigned int' but the argument has type 'enum forward_declared *}}
+ printf("%p", fwd);
+
+ scanf("%c", fwd); // expected-warning{{format specifies type 'char *' but the argument has type 'enum forward_declared *}}
+ scanf("%u", fwd);
+ scanf("%lu", fwd); // expected-warning{{format specifies type 'unsigned long *' but the argument has type 'enum forward_declared *}}
+ scanf("%p", fwd); // expected-warning{{format specifies type 'void **' but the argument has type 'enum forward_declared *}}
+}
+#endif
--
2.40.0
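Review bot: The comment `// Don't try to fix incomplete enums.` in `fixType` says what the early return does but not why it is required. Judging from the commit title, `getIntegerType()` yields no usable type for an enum that has not been defined, so the `PT->getAs()` call after the block would otherwise operate on a null type; recording that keeps a later refactor from dropping the guard. Suggested wording: `// An incomplete enum has no underlying type; bail out before PT is replaced with a null type.` `fixType` begins before the hunk and continues after it.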