[PATCH] 18412 - Add warning when scanf %s is used without a field width

Zach Davis zdavkeos at gmail.com
Fri Mar 21 14:14:33 PDT 2014

Background: Bug 18412 suggests that the compiler should issue a
security warning when a scanf %s format specifier does not
include a field width.  This is the third patche working toward
this (r202114, 204300).

This patch adds the actual warning. The warning is part of the
FormatSecurity warning group.


    test.c:14:10: warning: no field width in scanf string format
specifier (potentially insecure)
      scanf("%s", str);

Presently one of the tests in test/Sema/format-strings-scanf.c
fails due to the way the tests are executed (the file is
re-compiled with the -Wformat=0 option). I would appreciate any
advice on fixing this test case.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 18412.patch
Type: application/octet-stream
Size: 3055 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20140321/bbba33f9/attachment.obj>

More information about the cfe-commits mailing list