[cfe-dev] proposed patch: detecting non-constant format strings in printf calls
Chris Lattner
clattner at apple.com
Fri Aug 10 13:23:13 PDT 2007
On Aug 10, 2007, at 12:18 PM, Ted Kremenek wrote:
> I've coded up some support in clang to flag warnings for non-constant
> format strings used in calls to printf-like functions (all the
> functions listed in "man fprintf"). Non-constant format strings are a
> source of many security exploits in C/C++ programs, and I believe are
> currently detected by gcc using the flag -Wformat-nonliteral.
>
> I've attached a patch that adds this support. I've also included
> two new files not under version control, including one file for
> regression testing.
Looks great, applied!
Thanks Ted,
-Chris
> I plan on adding additional checking for format strings.
>
> Patch affects:
>
> include/clang/Basic/DiagnosticKinds.def
> Sema/SemaExpr.cpp
> Sema/Sema.cpp
> Sema/Sema.h
>
> New files:
>
> in Sema/: SemaChecking.cpp
> in test/: format-strings.c
>
>
> <format_string.patch>
>
> <SemaChecking.cpp>
>
>
> <format-strings.c>
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
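
The kind of call the check described above is meant to flag, next to its corrected form. This is an added example, not code from the patch or from clang; fmt_msg, render_unsafe, render_safe and preserved are hypothetical names, and the sample input is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-like wrapper. The GCC/Clang format attribute marks
   argument 3 as a printf format string, so the compiler checks calls to
   this function the same way it checks calls to printf itself. */
__attribute__((format(printf, 3, 4)))
static int fmt_msg(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int written = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return written;
}

/* Before: caller-supplied text is used as the format string, so any '%'
   in it is parsed as a directive. This is the non-constant format string
   that a build with -Wformat-nonliteral reports. */
int render_unsafe(char *out, size_t n, const char *user_text)
{
    return fmt_msg(out, n, user_text);
}

/* After: the format is a literal and the untrusted text is passed as data. */
int render_safe(char *out, size_t n, const char *user_text)
{
    return fmt_msg(out, n, "%s", user_text);
}

/* Returns 1 if the rendered output is byte-for-byte the input text. */
int preserved(int (*render)(char *, size_t, const char *), const char *text)
{
    char buf[64];
    render(buf, sizeof buf, text);
    return strcmp(buf, text) == 0;
}

int main(void)
{
    /* Constructed input: the text itself contains two '%' characters. */
    const char *sample = "load at 100%% of quota";
    printf("unsafe preserved input: %d\n", preserved(render_unsafe, sample));
    printf("safe preserved input:   %d\n", preserved(render_safe, sample));
    return 0;
}
```

The constructed input only contains "%%", which consumes no arguments, so the unsafe path stays well-defined while still showing that the text was parsed as a format rather than copied.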