[cfe-commits] r94782 - in /cfe/trunk: include/clang/Analysis/Analyses/PrintfFormatString.h lib/Sema/SemaChecking.cpp
Ted Kremenek
kremenek at apple.com
Thu Jan 28 17:35:25 PST 2010
Author: kremenek
Date: Thu Jan 28 19:35:25 2010
New Revision: 94782
URL: http://llvm.org/viewvc/llvm-project?rev=94782&view=rev
Log:
Alternate format string checking: warn of '%n' as being potentially insecure.
Modified:
cfe/trunk/include/clang/Analysis/Analyses/PrintfFormatString.h
cfe/trunk/lib/Sema/SemaChecking.cpp
Modified: cfe/trunk/include/clang/Analysis/Analyses/PrintfFormatString.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/Analyses/PrintfFormatString.h?rev=94782&r1=94781&r2=94782&view=diff
==============================================================================
--- cfe/trunk/include/clang/Analysis/Analyses/PrintfFormatString.h (original)
+++ cfe/trunk/include/clang/Analysis/Analyses/PrintfFormatString.h Thu Jan 28 19:35:25 2010
@@ -65,7 +65,7 @@
ConversionSpecifier(const char *pos, Kind k)
: Position(pos), kind(k) {}
- const char *getConversionStart() const {
+ const char *getStart() const {
return Position;
}
Modified: cfe/trunk/lib/Sema/SemaChecking.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Sema/SemaChecking.cpp?rev=94782&r1=94781&r2=94782&view=diff
==============================================================================
--- cfe/trunk/lib/Sema/SemaChecking.cpp (original)
+++ cfe/trunk/lib/Sema/SemaChecking.cpp Thu Jan 28 19:35:25 2010
@@ -1400,7 +1400,7 @@
// Check for using an Objective-C specific conversion specifier
// in a non-ObjC literal.
if (!IsObjCLiteral && CS.isObjCArg()) {
- SourceLocation Loc = getLocationOfByte(CS.getConversionStart());
+ SourceLocation Loc = getLocationOfByte(CS.getStart());
S.Diag(Loc, diag::warn_printf_invalid_conversion)
<< llvm::StringRef(startSpecifier, specifierLen)
<< getFormatRange();
@@ -1408,6 +1408,16 @@
// Continue checking the other format specifiers.
return true;
}
+
+ // Are we using '%n'? Issue a warning about this being
+ // a possible security issue.
+ if (CS.getKind() == ConversionSpecifier::OutIntPtrArg) {
+ S.Diag(getLocationOfByte(CS.getStart()), diag::warn_printf_write_back)
+ << getFormatRange();
+ // Continue checking the other format specifiers.
+ return true;
+ }
+
return true;
}
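Review bot: The new `%n` branch ends in `return true;` directly before the function's own `return true;`, so the early return is redundant today and would silently skip any per-specifier check later added below it; keeping only the `S.Diag(...)` call inside the `if` makes the flow clearer. The comment could also say why the specifier is flagged, e.g. `// '%n' stores the number of characters written so far through its int* argument, so a format string that is not fully trusted becomes a memory write.` Unlike the Objective-C branch above, this diagnostic does not stream the specifier text, which is presumably fine if `warn_printf_write_back` takes no string argument, but its definition is not visible here. The commit's file list includes no test, so a `%n` case exercising the alternate checker would be worth adding if none exists. The enclosing function starts outside the hunk.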