[cfe-commits] r146326 - in /cfe/trunk: include/clang/Analysis/Analyses/FormatString.h lib/Analysis/ScanfFormatString.cpp lib/Sema/SemaChecking.cpp test/Analysis/taint-generic.c test/Analysis/taint-tester.c test/Sema/format-strings-fixit.c test/Se

Hans Wennborg hans at chromium.org
Wed Dec 14 03:15:26 PST 2011


On Wed, Dec 14, 2011 at 1:03 AM, Ted Kremenek <kremenek at apple.com> wrote:
> On Dec 13, 2011, at 7:09 AM, Hans Wennborg <hans at chromium.org> wrote:
>
>> The trouble is that 'a' can mean two things in a scanf format string.
>> If it is before 's', 'S' or '[', it is a length modifier (as a C90 GNU
>> extension), otherwise it is a conversion specifier (same as 'f').
>>
>> The lookahead is not to do a semantic check, it is to decide whether
>> to parse the 'a' as a length modifier, or not.
>
> Ah, makes sense.  Can you include that information in a comment?

Will do.

Thinking about this some more, we should only consider parsing 'a' as
a length modifier in C90, and for scanf only. Because "%as" is valid
in both C99 and C90 (with GNU extensions), but means different things
*sigh*.

Attaching a new patch.

Thanks,
Hans
-------------- next part --------------
A non-text attachment was scrubbed...
Name: scanf-alloc-modifier2.diff
Type: text/x-patch
Size: 12868 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20111214/7decbbc0/attachment.bin>
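
The lookahead rule discussed in this message, as an added example that is not the attached patch or Clang's code: it decides whether an 'a' in one directive is a length modifier or a conversion specifier, which matters to a format-string checker because "%as" takes a `char **` under the GNU C90 reading and a `float *` followed by a literal 's' under C99. The names `classify_a`, `a_role`, `a_parse`, `is_scanf` and `is_c99` are hypothetical, and only an optional `*` and a field width are handled before the 'a'.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical names for this example; not Clang's API. */
enum a_role { A_ABSENT, A_LENGTH_MODIFIER, A_CONVERSION };

struct a_parse {
    enum a_role role;   /* how the 'a' was read */
    size_t conv_index;  /* offset from '%' of the conversion specifier */
};

/* fmt points at the '%' that starts one directive. Only an optional '*'
 * (scanf assignment suppression) and a decimal field width are skipped
 * before the 'a'; other flags and modifiers are out of scope here. */
struct a_parse classify_a(const char *fmt, bool is_scanf, bool is_c99)
{
    struct a_parse r = { A_ABSENT, 0 };
    size_t i = 1;

    if (fmt[0] != '%' || fmt[1] == '%')
        return r;                       /* not a directive, or literal "%%" */
    if (is_scanf && fmt[i] == '*')
        i++;
    while (fmt[i] >= '0' && fmt[i] <= '9')
        i++;
    if (fmt[i] != 'a')
        return r;

    /* One-character lookahead decides what the 'a' is, and only for
     * scanf in C90 mode (GNU extension), as the message proposes. */
    char next = fmt[i + 1];
    if (is_scanf && !is_c99 && (next == 's' || next == 'S' || next == '[')) {
        r.role = A_LENGTH_MODIFIER;     /* "%as": 's' is the conversion */
        r.conv_index = i + 1;
    } else {
        r.role = A_CONVERSION;          /* "%a": same as 'f'; an 's' after it is literal */
        r.conv_index = i;
    }
    return r;
}
```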

