[cfe-commits] [PATCH] Remove security warning for use of '%n' specifier in format string literals
Richard Smith
richard at metafoo.co.uk
Mon Jul 30 13:16:40 PDT 2012
LGTM
--- a/test/Sema/format-strings.c
+++ b/test/Sema/format-strings.c
@@ -86,12 +86,8 @@ void check_conditional_literal(const char* s, int i) {
void check_writeback_specifier()
{
- int x;
char *b;
-
- printf("%n",&x); // expected-warning {{'%n' in format string
discouraged}}
- sprintf(b,"%d%%%n",1, &x); // expected-warning {{'%n' in format string
dis}}
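Review bot: The removed calls in check_writeback_specifier(), `printf("%n",&x);` and `sprintf(b,"%d%%%n",1, &x);`, are deleted together with `int x;`, so the visible hunk leaves no case in this function showing that '%n' in a literal format string with an `int *` argument is now accepted without a diagnostic. Consider keeping both calls and dropping only the `expected-warning` comments, so that the test would catch the blanket warning being reintroduced later. If the calls stay, `int x;` has to stay as well.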
Maybe keep these ones as no-warning tests?
On Mon, Jul 30, 2012 at 11:28 AM, Matt Beaumont-Gay <matthewbg at google.com> wrote:
> Following on Hans's r160966...
>
> Clang currently warns about any use of the '%n' format specifier:
> test.cc:5:14: warning: use of '%n' in format string discouraged
> (potentially insecure) [-Wformat-security]
> printf("%d%n", i, &n);
> ~^
>
> While '%n' can be used for evil in an attacker-controlled format
> string, there isn't any acute danger in using it in a literal format
> string with an argument of the appropriate type. (If preceding format
> arguments are derived from untrusted input, then the value written to
> the '%n' argument can be somewhat controlled by an attacker, but this
> is no worse than any other means by which a program may set a variable
> based on untrusted input.) This patch removes the blanket warning for
> any use of '%n'; misuses of it, e.g. passing the wrong argument type,
> will be caught by the functionality that Hans just added.
>
> -Matt