[cfe-commits] r160984 - in /cfe/trunk: include/clang/Basic/DiagnosticSemaKinds.td lib/Sema/SemaChecking.cpp test/Sema/format-strings.c

Matt Beaumont-Gay matthewbg at google.com
Mon Jul 30 13:21:58 PDT 2012 

Author: matthewbg
Date: Mon Jul 30 15:21:58 2012
New Revision: 160984

URL: http://llvm.org/viewvc/llvm-project?rev=160984&view=rev
Log:
Do not warn on correct use of the '%n' format specifier.

While '%n' can be used for evil in an attacker-controlled format string, there
isn't any acute danger in using it in a literal format string with an argument
of the appropriate type.

Modified:
    cfe/trunk/include/clang/Basic/DiagnosticSemaKinds.td
    cfe/trunk/lib/Sema/SemaChecking.cpp
    cfe/trunk/test/Sema/format-strings.c

Modified: cfe/trunk/include/clang/Basic/DiagnosticSemaKinds.td
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Basic/DiagnosticSemaKinds.td?rev=160984&r1=160983&r2=160984&view=diff
==============================================================================
--- cfe/trunk/include/clang/Basic/DiagnosticSemaKinds.td (original)
+++ cfe/trunk/include/clang/Basic/DiagnosticSemaKinds.td Mon Jul 30 15:21:58 2012
@@ -5327,9 +5327,6 @@
 def note_array_index_out_of_bounds : Note<
   "array %0 declared here">;
 
-def warn_printf_write_back : Warning<
-  "use of '%%n' in format string discouraged (potentially insecure)">,
-  InGroup<FormatSecurity>;
 def warn_printf_insufficient_data_args : Warning<
   "more '%%' conversions than data arguments">, InGroup<Format>;
 def warn_printf_data_arg_not_used : Warning<

Modified: cfe/trunk/lib/Sema/SemaChecking.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Sema/SemaChecking.cpp?rev=160984&r1=160983&r2=160984&view=diff
==============================================================================
--- cfe/trunk/lib/Sema/SemaChecking.cpp (original)
+++ cfe/trunk/lib/Sema/SemaChecking.cpp Mon Jul 30 15:21:58 2012
@@ -2561,15 +2561,6 @@
     HandleNonStandardConversionSpecification(LM, CS, startSpecifier,
                                              specifierLen);
 
-  // Are we using '%n'?
-  if (CS.getKind() == ConversionSpecifier::nArg) {
-    // Issue a warning about this being a possible security issue.
-    EmitFormatDiagnostic(S.PDiag(diag::warn_printf_write_back),
-                         getLocationOfByte(CS.getStart()),
-                         /*IsStringLocation*/true,
-                         getSpecifierRange(startSpecifier, specifierLen));
-  }
-
   // The remaining checks depend on the data arguments.
   if (HasVAListArg)
     return true;

Modified: cfe/trunk/test/Sema/format-strings.c
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Sema/format-strings.c?rev=160984&r1=160983&r2=160984&view=diff
==============================================================================
--- cfe/trunk/test/Sema/format-strings.c (original)
+++ cfe/trunk/test/Sema/format-strings.c Mon Jul 30 15:21:58 2012
@@ -88,10 +88,8 @@
 {
   int x;
   char *b;
-
-  printf("%n",&x); // expected-warning {{'%n' in format string discouraged}}
-  sprintf(b,"%d%%%n",1, &x); // expected-warning {{'%n' in format string dis}}
-  printf("%n",b); // expected-warning {{'%n' in format string discouraged}} expected-warning{{format specifies type 'int *' but the argument has type 'char *'}}
+  printf("%n", b); // expected-warning{{format specifies type 'int *' but the argument has type 'char *'}}
+  printf("%n", &x); // no-warning
 }
 
 void check_invalid_specifier(FILE* fp, char *buf)
@@ -168,7 +166,6 @@
   int x;
   printf(P);   // expected-warning {{format string is not a string literal (potentially insecure)}}
   printf(P, 42);
-  printf("%n", &x); // expected-warning {{use of '%n' in format string discouraged }}
 }
 
 void torture(va_list v8) {
@@ -186,7 +183,6 @@
   printf("%*d\n", f, x); // expected-warning{{field width should have type 'int', but argument has type 'double'}}
   printf("%*.*d\n", x, f, x); // expected-warning{{field precision should have type 'int', but argument has type 'double'}}
   printf("%**\n"); // expected-warning{{invalid conversion specifier '*'}}
-  printf("%n", &i); // expected-warning{{use of '%n' in format string discouraged (potentially insecure)}}
   printf("%d%d\n", x); // expected-warning{{more '%' conversions than data arguments}}
   printf("%d\n", x, x); // expected-warning{{data argument not used by format string}}
   printf("%W%d%Z\n", x, x, x); // expected-warning{{invalid conversion specifier 'W'}} expected-warning{{invalid conversion specifier 'Z'}}
@@ -317,14 +313,14 @@
   // Bad flag usage
   printf("%#p", (void *) 0); // expected-warning{{flag '#' results in undefined behavior with 'p' conversion specifier}}
   printf("%0d", -1); // no-warning
-  printf("%#n", (int *) 0); // expected-warning{{flag '#' results in undefined behavior with 'n' conversion specifier}} expected-warning{{use of '%n' in format string discouraged (potentially insecure)}}
-  printf("%-n", (int *) 0); // expected-warning{{flag '-' results in undefined behavior with 'n' conversion specifier}} expected-warning{{use of '%n' in format string discouraged (potentially insecure)}}
+  printf("%#n", (int *) 0); // expected-warning{{flag '#' results in undefined behavior with 'n' conversion specifier}}
+  printf("%-n", (int *) 0); // expected-warning{{flag '-' results in undefined behavior with 'n' conversion specifier}}
   printf("%-p", (void *) 0); // no-warning
 
   // Bad optional amount use
   printf("%.2c", 'a'); // expected-warning{{precision used with 'c' conversion specifier, resulting in undefined behavior}}
-  printf("%1n", (int *) 0); // expected-warning{{field width used with 'n' conversion specifier, resulting in undefined behavior}} expected-warning{{use of '%n' in format string discouraged (potentially insecure)}}
-  printf("%.9n", (int *) 0); // expected-warning{{precision used with 'n' conversion specifier, resulting in undefined behavior}} expected-warning{{use of '%n' in format string discouraged (potentially insecure)}}
+  printf("%1n", (int *) 0); // expected-warning{{field width used with 'n' conversion specifier, resulting in undefined behavior}}
+  printf("%.9n", (int *) 0); // expected-warning{{precision used with 'n' conversion specifier, resulting in undefined behavior}}
 
   // Ignored flags
   printf("% +f", 1.23); // expected-warning{{flag ' ' is ignored when flag '+' is present}}
@@ -436,11 +432,6 @@
   printf(kFormat2, 1, "foo"); // expected-warning{{data argument position '18' exceeds the number of data arguments (2)}}
   printf("%18$s\n", 1, "foo"); // expected-warning{{data argument position '18' exceeds the number of data arguments (2)}}
 
-  const char kFormat3[] = "%n"; // expected-note{{format string is defined here}}
-  printf(kFormat3, (int*)NULL); // expected-warning{{use of '%n' in format string discouraged}}
-  printf("%n", (int*)NULL); // expected-warning{{use of '%n' in format string discouraged}}
-
-
   const char kFormat4[] = "%y"; // expected-note{{format string is defined here}}
   printf(kFormat4, 5); // expected-warning{{invalid conversion specifier 'y'}}
   printf("%y", 5); // expected-warning{{invalid conversion specifier 'y'}}

More information about the cfe-commits mailing list