[cfe-commits] r70368 - in /cfe/trunk: include/clang/Basic/DiagnosticGroups.td include/clang/Basic/DiagnosticSemaKinds.td lib/Sema/SemaChecking.cpp test/Sema/format-strings.c
Chris Lattner
sabre at nondot.org
Tue Apr 28 21:59:48 PDT 2009
Author: lattner
Date: Tue Apr 28 23:59:47 2009
New Revision: 70368
URL: http://llvm.org/viewvc/llvm-project?rev=70368&view=rev
Log:
implement -Wformat-security properly, which is enabled by default.
This enables one specific class of non-literal format warnings.
Modified:
cfe/trunk/include/clang/Basic/DiagnosticGroups.td
cfe/trunk/include/clang/Basic/DiagnosticSemaKinds.td
cfe/trunk/lib/Sema/SemaChecking.cpp
cfe/trunk/test/Sema/format-strings.c
Modified: cfe/trunk/include/clang/Basic/DiagnosticGroups.td
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Basic/DiagnosticGroups.td?rev=70368&r1=70367&r2=70368&view=diff
==============================================================================
--- cfe/trunk/include/clang/Basic/DiagnosticGroups.td (original)
+++ cfe/trunk/include/clang/Basic/DiagnosticGroups.td Tue Apr 28 23:59:47 2009
@@ -35,8 +35,8 @@
def FormatExtraArgs : DiagGroup<"format-extra-args">;
def Format : DiagGroup<"format", [FormatExtraArgs]>;
-def FormatNonLiteral : DiagGroup<"format-nonliteral", [Format]>;
def FormatSecurity : DiagGroup<"format-security", [Format]>;
+def FormatNonLiteral : DiagGroup<"format-nonliteral", [FormatSecurity]>;
def FormatY2K : DiagGroup<"format-y2k", [Format]>;
def Format2 : DiagGroup<"format=2",
[FormatNonLiteral, FormatSecurity, FormatY2K]>;
Modified: cfe/trunk/include/clang/Basic/DiagnosticSemaKinds.td
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Basic/DiagnosticSemaKinds.td?rev=70368&r1=70367&r2=70368&view=diff
==============================================================================
--- cfe/trunk/include/clang/Basic/DiagnosticSemaKinds.td (original)
+++ cfe/trunk/include/clang/Basic/DiagnosticSemaKinds.td Tue Apr 28 23:59:47 2009
@@ -1057,8 +1057,11 @@
"initializer of a builtin type can only take one argument">;
def err_value_init_for_array_type : Error<
"array types cannot be value-initialized">;
-def warn_printf_not_string_constant : Warning<
+def warn_printf_nonliteral_noargs : Warning<
"format string is not a string literal (potentially insecure)">,
+ InGroup<FormatSecurity>;
+def warn_printf_nonliteral : Warning<
+ "format string is not a string literal">,
InGroup<FormatNonLiteral>, DefaultIgnore;
def err_unexpected_interface : Error<
Modified: cfe/trunk/lib/Sema/SemaChecking.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Sema/SemaChecking.cpp?rev=70368&r1=70367&r2=70368&view=diff
==============================================================================
--- cfe/trunk/lib/Sema/SemaChecking.cpp (original)
+++ cfe/trunk/lib/Sema/SemaChecking.cpp Tue Apr 28 23:59:47 2009
@@ -604,9 +604,16 @@
if (isa<ParmVarDecl>(DR->getDecl()))
return;
- Diag(TheCall->getArg(format_idx)->getLocStart(),
- diag::warn_printf_not_string_constant)
- << OrigFormatExpr->getSourceRange();
+ // If there are no arguments specified, warn with -Wformat-security, otherwise
+ // warn only with -Wformat-nonliteral.
+ if (TheCall->getNumArgs() == format_idx+1)
+ Diag(TheCall->getArg(format_idx)->getLocStart(),
+ diag::warn_printf_nonliteral_noargs)
+ << OrigFormatExpr->getSourceRange();
+ else
+ Diag(TheCall->getArg(format_idx)->getLocStart(),
+ diag::warn_printf_nonliteral)
+ << OrigFormatExpr->getSourceRange();
}
void Sema::CheckPrintfString(const StringLiteral *FExpr,
Modified: cfe/trunk/test/Sema/format-strings.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Sema/format-strings.c?rev=70368&r1=70367&r2=70368&view=diff
==============================================================================
--- cfe/trunk/test/Sema/format-strings.c (original)
+++ cfe/trunk/test/Sema/format-strings.c Tue Apr 28 23:59:47 2009
@@ -113,3 +113,15 @@
printf(s4); // expected-warning{{not a string literal}}
printf(s5); // expected-warning{{not a string literal}}
}
+
+
+// Test what happens when -Wformat-security only.
+#pragma GCC diagnostic ignored "-Wformat-nonliteral"
+#pragma GCC diagnostic warning "-Wformat-security"
+
+void test9(char *P) {
+ int x;
+ printf(P); // expected-warning {{format string is not a string literal (potentially insecure)}}
+ printf(P, 42);
+ printf("%n", &x); // expected-warning {{use of '%n' in format string discouraged }}
+}
More information about the cfe-commits
mailing list