r200126 - Identify two more unsafe uses of getCustomDiagID()

[Alp Toker]

Author: alp
Date: Sat Jan 25 23:08:49 2014
New Revision: 200126

URL: http://llvm.org/viewvc/llvm-project?rev=200126&view=rev
Log:
Identify two more unsafe uses of getCustomDiagID()

Modified:
    cfe/trunk/lib/ARCMigrate/ObjCMT.cpp

Modified: cfe/trunk/lib/ARCMigrate/ObjCMT.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/ARCMigrate/ObjCMT.cpp?rev=200126&r1=200125&r2=200126&view=diff
==============================================================================
--- cfe/trunk/lib/ARCMigrate/ObjCMT.cpp (original)
+++ cfe/trunk/lib/ARCMigrate/ObjCMT.cpp Sat Jan 25 23:08:49 2014
@@ -1845,6 +1845,8 @@ void ObjCMigrateASTConsumer::HandleTrans
    std::string Error;
    llvm::raw_fd_ostream OS(MigrateDir.c_str(), Error, llvm::sys::fs::F_Binary);
     if (!Error.empty()) {
+      // FIXME: It's not safe to pass arbitrary user-generated strings into
+      // getCustomDiagID(). Use a constant diagnostic ID instead.
       unsigned ID = Ctx.getDiagnostics().getDiagnosticIDs()->
           getCustomDiagID(DiagnosticIDs::Error, Error);
       Ctx.getDiagnostics().Report(ID);
@@ -2061,6 +2063,8 @@ private:
 
 static bool reportDiag(const Twine &Err, DiagnosticsEngine &Diag) {
   SmallString<128> Buf;
+  // FIXME: It's not safe to pass arbitrary user-generated strings into
+  // getCustomDiagID(). Use a constant diagnostic ID instead.
   unsigned ID = Diag.getDiagnosticIDs()->getCustomDiagID(DiagnosticIDs::Error,
                                                          Err.toStringRef(Buf));
   Diag.Report(ID);