[cfe-commits] [PATCH] Remove security warning for use of '%n' specifier in format string literals

Richard Smith richard at metafoo.co.uk
Mon Jul 30 13:16:40 PDT 2012


--- a/test/Sema/format-strings.c
+++ b/test/Sema/format-strings.c
@@ -86,12 +86,8 @@ void check_conditional_literal(const char* s, int i) {

 void check_writeback_specifier()
-  int x;
   char *b;
-  printf("%n",&x); // expected-warning {{'%n' in format string
-  sprintf(b,"%d%%%n",1, &x); // expected-warning {{'%n' in format string

Maybe keep these ones as no-warning tests?

On Mon, Jul 30, 2012 at 11:28 AM, Matt Beaumont-Gay <matthewbg at google.com>wrote:

> Following on Hans's r160966...
> Clang currently warns about any use of the '%n' format specifier:
> test.cc:5:14: warning: use of '%n' in format string discouraged
> (potentially insecure) [-Wformat-security]
>   printf("%d%n", i, &n);
>             ~^
> While '%n' can be used for evil in an attacker-controlled format
> string, there isn't any acute danger in using it in a literal format
> string with an argument of the appropriate type. (If preceding format
> arguments are derived from untrusted input, then the value written to
> the '%n' argument can be somewhat controlled by an attacker, but this
> is no worse than any other means by which a program may set a variable
> based on untrusted input.) This patch removes the blanket warning for
> any use of '%n'; misuses of it, e.g. passing the wrong argument type,
> will be caught by the functionality that Hans just added.
> -Matt
> _______________________________________________
> cfe-commits mailing list
> cfe-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20120730/307f6477/attachment.html>

More information about the cfe-commits mailing list