From d6de61539c778f1d8449208c381234d13f7643cb Mon Sep 17 00:00:00 2001
From: Alp Toker <alp@nuanti.com>
Date: Sun, 26 Jan 2014 05:08:49 +0000
Subject: [PATCH] Identify two more unsafe uses of getCustomDiagID()

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@200126 91177308-0d34-0410-b5e6-96231b3b80d8
---
 lib/ARCMigrate/ObjCMT.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/ARCMigrate/ObjCMT.cpp b/lib/ARCMigrate/ObjCMT.cpp
index af88cb6bc1..39370b9823 100644
--- a/lib/ARCMigrate/ObjCMT.cpp
+++ b/lib/ARCMigrate/ObjCMT.cpp
@@ -1845,6 +1845,8 @@ void ObjCMigrateASTConsumer::HandleTranslationUnit(ASTContext &Ctx) {
    std::string Error;
    llvm::raw_fd_ostream OS(MigrateDir.c_str(), Error, llvm::sys::fs::F_Binary);
     if (!Error.empty()) {
+      // FIXME: It's not safe to pass arbitrary user-generated strings into
+      // getCustomDiagID(). Use a constant diagnostic ID instead.
       unsigned ID = Ctx.getDiagnostics().getDiagnosticIDs()->
           getCustomDiagID(DiagnosticIDs::Error, Error);
       Ctx.getDiagnostics().Report(ID);
@@ -2061,6 +2063,8 @@ private:
 
 static bool reportDiag(const Twine &Err, DiagnosticsEngine &Diag) {
   SmallString<128> Buf;
+  // FIXME: It's not safe to pass arbitrary user-generated strings into
+  // getCustomDiagID(). Use a constant diagnostic ID instead.
   unsigned ID = Diag.getDiagnosticIDs()->getCustomDiagID(DiagnosticIDs::Error,
                                                          Err.toStringRef(Buf));
   Diag.Report(ID);
-- 
2.40.0