From b7c21018ec1049580cf6df88db09e606550a7baa Mon Sep 17 00:00:00 2001
From: Ted Kremenek <kremenek@apple.com>
Date: Fri, 16 Jul 2010 18:28:03 +0000
Subject: [PATCH] Hook up warning for an incomplete scanlist in scanf format
 strings.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@108542 91177308-0d34-0410-b5e6-96231b3b80d8
---
 include/clang/Basic/DiagnosticSemaKinds.td | 2 +-
 lib/Analysis/ScanfFormatString.cpp         | 4 ++--
 lib/Sema/SemaChecking.cpp                  | 8 ++++++++
 test/Sema/format-strings-scanf.c           | 1 +
 4 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/include/clang/Basic/DiagnosticSemaKinds.td b/include/clang/Basic/DiagnosticSemaKinds.td
index 9dac3f2422..b88480dc69 100644
--- a/include/clang/Basic/DiagnosticSemaKinds.td
+++ b/include/clang/Basic/DiagnosticSemaKinds.td
@@ -2985,7 +2985,7 @@ def warn_printf_ignored_flag: Warning<
   "flag '%0' is ignored when flag '%1' is present">,
   InGroup<Format>;
 def warn_scanf_scanlist_incomplete : Warning<
-  "scanlist not terminated in format string">,
+  "no closing â]â for â%%[â in scanf format string">,
   InGroup<Format>;
   
 // CHECK: returning address/reference of stack memory
diff --git a/lib/Analysis/ScanfFormatString.cpp b/lib/Analysis/ScanfFormatString.cpp
index 1fa4faea18..a5fe77ddd8 100644
--- a/lib/Analysis/ScanfFormatString.cpp
+++ b/lib/Analysis/ScanfFormatString.cpp
@@ -41,7 +41,7 @@ static bool ParseScanList(FormatStringHandler &H,
   // Special case: ']' is the first character.
   if (*I == ']') {
     if (++I == E) {
-      H.HandleIncompleteScanList(start, I);
+      H.HandleIncompleteScanList(start, I - 1);
       return true;
     }
   }
@@ -49,7 +49,7 @@ static bool ParseScanList(FormatStringHandler &H,
   // Look for a ']' character which denotes the end of the scan list.
   while (*I != ']') {
     if (++I == E) {
-      H.HandleIncompleteScanList(start, I);
+      H.HandleIncompleteScanList(start, I - 1);
       return true;
     }
   }    
diff --git a/lib/Sema/SemaChecking.cpp b/lib/Sema/SemaChecking.cpp
index d789730715..370d350329 100644
--- a/lib/Sema/SemaChecking.cpp
+++ b/lib/Sema/SemaChecking.cpp
@@ -1617,9 +1617,17 @@ public:
   bool HandleScanfSpecifier(const analyze_scanf::ScanfSpecifier &FS,
                             const char *startSpecifier,
                             unsigned specifierLen);
+
+  void HandleIncompleteScanList(const char *start, const char *end);
 };
 }
 
+void CheckScanfHandler::HandleIncompleteScanList(const char *start,
+                                                 const char *end) {
+  S.Diag(getLocationOfByte(end), diag::warn_scanf_scanlist_incomplete)
+    << getSpecifierRange(start, end - start);
+}
+
 bool CheckScanfHandler::HandleScanfSpecifier(
                                        const analyze_scanf::ScanfSpecifier &FS,
                                        const char *startSpecifier,
diff --git a/test/Sema/format-strings-scanf.c b/test/Sema/format-strings-scanf.c
index 63e81d4c74..f571886877 100644
--- a/test/Sema/format-strings-scanf.c
+++ b/test/Sema/format-strings-scanf.c
@@ -11,4 +11,5 @@ void test(const char *s, int *i) {
   scanf(s, i); // expected-warning{{ormat string is not a string literal}}
   scanf("%0d", i); // expected-warning{{zero field width in scanf format string is unused}}
   scanf("%00d", i); // expected-warning{{zero field width in scanf format string is unused}}
+  scanf("%d%[asdfasdfd", i, s); // expected-warning{{no closing â]â for â%[â in scanf format string}}
 }
-- 
2.40.0

