[cfe-commits] r146326 - in /cfe/trunk: include/clang/Analysis/Analyses/FormatString.h lib/Analysis/ScanfFormatString.cpp lib/Sema/SemaChecking.cpp test/Analysis/taint-generic.c test/Analysis/taint-tester.c test/Sema/format-strings-fixit.c test/Se
Ted Kremenek
kremenek at apple.com
Wed Dec 14 13:29:47 PST 2011
Looks good to me.
My main concern is that we should have a few more test cases where 'a' is used *incorrectly* just to make sure the parsing doesn't fall over in the other cases.
On Dec 14, 2011, at 3:15 AM, Hans Wennborg wrote:
> On Wed, Dec 14, 2011 at 1:03 AM, Ted Kremenek <kremenek at apple.com> wrote:
>> On Dec 13, 2011, at 7:09 AM, Hans Wennborg <hans at chromium.org> wrote:
>>
>>> The trouble is that 'a' can mean two things in a scanf format string.
>>> If it is before 's', 'S' or '[', it is a length modifier (as a C90 GNU
>>> extension), otherwise it is a conversion specifier (same as 'f').
>>>
>>> The lookahead is not to do a semantic check, it is to decide whether
>>> to parse the 'a' as a length modifier, or not.
>>
>> Ah, makes sense. Can you include that information in a comment?
>
> Will do.
>
> Thinking about this some more, we should only consider parsing 'a' as
> a length modifier in C90, and for scanf only. Because "%as" is valid
> in both C99 and C90 (with GNU extensions), but means different things
> *sigh*.
>
> Attaching a new patch.
>
> Thanks,
> Hans
> <scanf-alloc-modifier2.diff>
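The lookahead rule discussed in this thread, as an added sketch that is not the attached patch or clang's own code. `classifyA`, `AKind` and `Dialect` are hypothetical names, and the caller is assumed to pass the index of the character that follows '%', any flags and the field width. The constructed samples include an 'a' at the end of the string and an 'a' before an unrelated character, the kind of incorrect uses the reply asks to have tested.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>

enum class AKind { NotA, LengthModifier, ConversionSpecifier };

struct Dialect {
  bool isScanf;       // the 'a' length modifier exists only for scanf
  bool isC99OrLater;  // in C99, "%as" is the 'a' conversion, then a literal 's'
};

// Decide how to parse the 'a' at fmt[pos]. This is a parsing decision only,
// not a semantic check of the resulting directive.
AKind classifyA(const std::string &fmt, std::size_t pos, Dialect d) {
  if (pos >= fmt.size() || fmt[pos] != 'a')
    return AKind::NotA;
  // Outside C90 scanf, 'a' is never treated as a length modifier.
  if (!d.isScanf || d.isC99OrLater)
    return AKind::ConversionSpecifier;
  // One character of lookahead; a trailing 'a' has nothing to look at.
  if (pos + 1 < fmt.size()) {
    char next = fmt[pos + 1];
    if (next == 's' || next == 'S' || next == '[')
      return AKind::LengthModifier;
  }
  return AKind::ConversionSpecifier;
}

static const char *name(AKind k) {
  switch (k) {
  case AKind::LengthModifier:      return "length modifier";
  case AKind::ConversionSpecifier: return "conversion specifier";
  default:                         return "not 'a'";
  }
}

int main() {
  // Constructed sample directives, all with the 'a' at index 1.
  const char *samples[] = {"%as", "%aS", "%a[a-z]", "%a", "%ad", "%a%s"};
  const Dialect c90Scanf = {true, false}, c99Scanf = {true, true};
  for (const char *s : samples)
    std::printf("%-8s C90: %-21s C99: %s\n", s,
                name(classifyA(s, 1, c90Scanf)),
                name(classifyA(s, 1, c99Scanf)));
  return 0;
}
```

A checker that picks the wrong reading of "%as" would expect the wrong pointer type for the matching argument, which is why the dialect gates the lookahead.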