[clang] 56c3b8e - [clang][Sema] Make format size estimator aware of %p's existence in format string (#65969)
via cfe-commits
cfe-commits at lists.llvm.org
Sun Sep 24 18:03:51 PDT 2023
Author: Takuya Shimizu
Date: 2023-09-25T10:03:46+09:00
New Revision: 56c3b8e997d065b568964f71715ecbbd28c2e4a4
URL: https://github.com/llvm/llvm-project/commit/56c3b8e997d065b568964f71715ecbbd28c2e4a4
DIFF: https://github.com/llvm/llvm-project/commit/56c3b8e997d065b568964f71715ecbbd28c2e4a4.diff
LOG: [clang][Sema] Make format size estimator aware of %p's existence in format string (#65969)
This change introduces `-Wformat-overflow` and `-Wformat-truncation` warning flags that were formerly diagnosed from `-Wfortify-source` warning group.
This also introduces `-Wformat-overflow-non-kprintf` and `-Wformat-truncation-non-kprintf`, both of which will be used when the format string contains `%p` format string.
The rationale for this is that Linux kernel has its own extension for `%p` format specifier, and we need some way to suppress false positives in kernel codebase.
The approach of this patch aims NOT to affect non-kernel codebases.
Note that GCC stops format size estimation upon `%p` format specifier.
As requested in https://github.com/llvm/llvm-project/issues/64871
Added:
clang/test/Sema/warn-format-overflow-truncation.c
Modified:
clang/docs/ReleaseNotes.rst
clang/include/clang/Basic/DiagnosticGroups.td
clang/include/clang/Basic/DiagnosticSemaKinds.td
clang/lib/Sema/SemaChecking.cpp
clang/test/Misc/warning-wall.c
clang/test/Sema/warn-fortify-source.c
Removed:
################################################################################
diff --git a/clang/docs/ReleaseNotes.rst b/clang/docs/ReleaseNotes.rst
index 8b5e48d1758d96d..7abcb8d799e09dc 100644
--- a/clang/docs/ReleaseNotes.rst
+++ b/clang/docs/ReleaseNotes.rst
@@ -185,9 +185,19 @@ Improvements to Clang's diagnostics
- Clang constexpr evaluator now diagnoses compound assignment operators against
uninitialized variables as a read of uninitialized object.
(`#51536 <https://github.com/llvm/llvm-project/issues/51536>`_)
-- Clang's ``-Wfortify-source`` now diagnoses ``snprintf`` call that is known to
+- Clang's ``-Wformat-truncation`` now diagnoses ``snprintf`` call that is known to
result in string truncation.
(`#64871: <https://github.com/llvm/llvm-project/issues/64871>`_).
+ Existing warnings that similarly warn about the overflow in ``sprintf``
+ now falls under its own warning group ```-Wformat-overflow`` so that it can
+ be disabled separately from ``Wfortify-source``.
+ These two new warning groups have subgroups ``-Wformat-truncation-non-kprintf``
+ and ``-Wformat-overflow-non-kprintf``, respectively. These subgroups are used when
+ the format string contains ``%p`` format specifier.
+ Because Linux kernel's codebase has format extensions for ``%p``, kernel developers
+ are encouraged to disable these two subgroups by setting ``-Wno-format-truncation-non-kprintf``
+ and ``-Wno-format-overflow-non-kprintf`` in order to avoid false positives on
+ the kernel codebase.
Also clang no longer emits false positive warnings about the output length of
``%g`` format specifier and about ``%o, %x, %X`` with ``#`` flag.
- Clang now emits ``-Wcast-qual`` for functional-style cast expressions.
diff --git a/clang/include/clang/Basic/DiagnosticGroups.td b/clang/include/clang/Basic/DiagnosticGroups.td
index 00c458fb23e73e2..afbf0f0ed22e57f 100644
--- a/clang/include/clang/Basic/DiagnosticGroups.td
+++ b/clang/include/clang/Basic/DiagnosticGroups.td
@@ -961,10 +961,16 @@ def FormatNonStandard : DiagGroup<"format-non-iso">;
def FormatY2K : DiagGroup<"format-y2k">;
def FormatPedantic : DiagGroup<"format-pedantic">;
def FormatTypeConfusion : DiagGroup<"format-type-confusion">;
+
+def FormatOverflowNonKprintf: DiagGroup<"format-overflow-non-kprintf">;
+def FormatOverflow: DiagGroup<"format-overflow", [FormatOverflowNonKprintf]>;
+def FormatTruncationNonKprintf: DiagGroup<"format-truncation-non-kprintf">;
+def FormatTruncation: DiagGroup<"format-truncation", [FormatTruncationNonKprintf]>;
+
def Format : DiagGroup<"format",
[FormatExtraArgs, FormatZeroLength, NonNull,
FormatSecurity, FormatY2K, FormatInvalidSpecifier,
- FormatInsufficientArgs]>,
+ FormatInsufficientArgs, FormatOverflow, FormatTruncation]>,
DiagCategory<"Format String Issue">;
def FormatNonLiteral : DiagGroup<"format-nonliteral">;
def Format2 : DiagGroup<"format=2",
@@ -1400,7 +1406,7 @@ def CrossTU : DiagGroup<"ctu">;
def CTADMaybeUnsupported : DiagGroup<"ctad-maybe-unsupported">;
-def FortifySource : DiagGroup<"fortify-source">;
+def FortifySource : DiagGroup<"fortify-source", [FormatOverflow, FormatTruncation]>;
def MaxTokens : DiagGroup<"max-tokens"> {
code Documentation = [{
diff --git a/clang/include/clang/Basic/DiagnosticSemaKinds.td b/clang/include/clang/Basic/DiagnosticSemaKinds.td
index 9613cca63193ffd..f4eb02fd9570c2f 100644
--- a/clang/include/clang/Basic/DiagnosticSemaKinds.td
+++ b/clang/include/clang/Basic/DiagnosticSemaKinds.td
@@ -854,15 +854,29 @@ def warn_fortify_strlen_overflow: Warning<
" but the source string has length %2 (including NUL byte)">,
InGroup<FortifySource>;
-def warn_fortify_source_format_overflow : Warning<
+def subst_format_overflow : TextSubstitution<
"'%0' will always overflow; destination buffer has size %1,"
- " but format string expands to at least %2">,
- InGroup<FortifySource>;
+ " but format string expands to at least %2">;
+
+def warn_format_overflow : Warning<
+ "%sub{subst_format_overflow}0,1,2">,
+ InGroup<FormatOverflow>;
+
+def warn_format_overflow_non_kprintf : Warning<
+ "%sub{subst_format_overflow}0,1,2">,
+ InGroup<FormatOverflowNonKprintf>;
-def warn_fortify_source_format_truncation: Warning<
+def subst_format_truncation: TextSubstitution<
"'%0' will always be truncated; specified size is %1,"
- " but format string expands to at least %2">,
- InGroup<FortifySource>;
+ " but format string expands to at least %2">;
+
+def warn_format_truncation: Warning<
+ "%sub{subst_format_truncation}0,1,2">,
+ InGroup<FormatTruncation>;
+
+def warn_format_truncation_non_kprintf: Warning<
+ "%sub{subst_format_truncation}0,1,2">,
+ InGroup<FormatTruncationNonKprintf>;
def warn_fortify_scanf_overflow : Warning<
"'%0' may overflow; destination buffer in argument %1 has size "
diff --git a/clang/lib/Sema/SemaChecking.cpp b/clang/lib/Sema/SemaChecking.cpp
index b867d55c174e68b..1d56c495e899722 100644
--- a/clang/lib/Sema/SemaChecking.cpp
+++ b/clang/lib/Sema/SemaChecking.cpp
@@ -854,6 +854,9 @@ class ScanfDiagnosticFormatHandler
class EstimateSizeFormatHandler
: public analyze_format_string::FormatStringHandler {
size_t Size;
+ /// Whether the format string contains Linux kernel's format specifier
+ /// extension.
+ bool IsKernelCompatible = true;
public:
EstimateSizeFormatHandler(StringRef Format)
@@ -933,6 +936,10 @@ class EstimateSizeFormatHandler
// Just a pointer in the form '0xddd'.
case analyze_format_string::ConversionSpecifier::pArg:
+ // Linux kernel has its own extesion for `%p` specifier.
+ // Kernel Document:
+ // https://docs.kernel.org/core-api/printk-formats.html#pointer-types
+ IsKernelCompatible = false;
Size += std::max(FieldWidth, 2 /* leading 0x */ + Precision);
break;
@@ -990,6 +997,7 @@ class EstimateSizeFormatHandler
}
size_t getSizeLowerBound() const { return Size; }
+ bool isKernelCompatible() const { return IsKernelCompatible; }
private:
static size_t computeFieldWidth(const analyze_printf::PrintfSpecifier &FS) {
@@ -1259,7 +1267,9 @@ void Sema::checkFortifiedBuiltinMemoryFunction(FunctionDecl *FD,
if (!analyze_format_string::ParsePrintfString(
H, FormatBytes, FormatBytes + StrLen, getLangOpts(),
Context.getTargetInfo(), false)) {
- DiagID = diag::warn_fortify_source_format_overflow;
+ DiagID = H.isKernelCompatible()
+ ? diag::warn_format_overflow
+ : diag::warn_format_overflow_non_kprintf;
SourceSize = llvm::APSInt::getUnsigned(H.getSizeLowerBound())
.extOrTrunc(SizeTypeWidth);
if (BuiltinID == Builtin::BI__builtin___sprintf_chk) {
@@ -1350,10 +1360,17 @@ void Sema::checkFortifiedBuiltinMemoryFunction(FunctionDecl *FD,
llvm::APSInt::getUnsigned(H.getSizeLowerBound())
.extOrTrunc(SizeTypeWidth);
if (FormatSize > *SourceSize && *SourceSize != 0) {
- DiagID = diag::warn_fortify_source_format_truncation;
- DestinationSize = SourceSize;
- SourceSize = FormatSize;
- break;
+ unsigned TruncationDiagID =
+ H.isKernelCompatible() ? diag::warn_format_truncation
+ : diag::warn_format_truncation_non_kprintf;
+ SmallString<16> SpecifiedSizeStr;
+ SmallString<16> FormatSizeStr;
+ SourceSize->toString(SpecifiedSizeStr, /*Radix=*/10);
+ FormatSize.toString(FormatSizeStr, /*Radix=*/10);
+ DiagRuntimeBehavior(TheCall->getBeginLoc(), TheCall,
+ PDiag(TruncationDiagID)
+ << GetFunctionName() << SpecifiedSizeStr
+ << FormatSizeStr);
}
}
}
diff --git a/clang/test/Misc/warning-wall.c b/clang/test/Misc/warning-wall.c
index a0bd571cab05139..57866713fc570f1 100644
--- a/clang/test/Misc/warning-wall.c
+++ b/clang/test/Misc/warning-wall.c
@@ -19,6 +19,10 @@ CHECK-NEXT: -Wformat-security
CHECK-NEXT: -Wformat-y2k
CHECK-NEXT: -Wformat-invalid-specifier
CHECK-NEXT: -Wformat-insufficient-args
+CHECK-NEXT: -Wformat-overflow
+CHECK-NEXT: -Wformat-overflow-non-kprintf
+CHECK-NEXT: -Wformat-truncation
+CHECK-NEXT: -Wformat-truncation-non-kprintf
CHECK-NEXT: -Wfor-loop-analysis
CHECK-NEXT: -Wframe-address
CHECK-NEXT: -Wimplicit
diff --git a/clang/test/Sema/warn-format-overflow-truncation.c b/clang/test/Sema/warn-format-overflow-truncation.c
new file mode 100644
index 000000000000000..c64a1ed8aaa05a7
--- /dev/null
+++ b/clang/test/Sema/warn-format-overflow-truncation.c
@@ -0,0 +1,156 @@
+// RUN: %clang_cc1 -triple x86_64-apple-macosx10.14.0 %s -verify=kprintf,nonkprintf,expected
+// RUN: %clang_cc1 -xc++ -triple x86_64-apple-macosx10.14.0 %s -verify=kprintf,nonkprintf,expected
+// RUN: %clang_cc1 -triple x86_64-apple-macosx10.14.0 -Wno-format-truncation -Wno-format-overflow %s -verify
+// RUN: %clang_cc1 -xc++ -triple x86_64-apple-macosx10.14.0 -Wno-format-truncation -Wno-format-overflow %s -verify
+// RUN: %clang_cc1 -triple x86_64-apple-macosx10.14.0 -Wno-format-truncation-non-kprintf -Wno-format-overflow-non-kprintf %s -verify=kprintf,expected
+// RUN: %clang_cc1 -xc++ -triple x86_64-apple-macosx10.14.0 -Wno-format-truncation-non-kprintf -Wno-format-overflow-non-kprintf %s -verify=kprintf,expected
+// RUN: %clang_cc1 -triple x86_64-apple-macosx10.14.0 -Wno-format-overflow -Wno-format-truncation -Wformat-truncation-non-kprintf -Wformat-overflow-non-kprintf %s -verify=nonkprintf,expected
+// RUN: %clang_cc1 -xc++ -triple x86_64-apple-macosx10.14.0 -Wno-format-overflow -Wno-format-truncation -Wformat-truncation-non-kprintf -Wformat-overflow-non-kprintf %s -verify=nonkprintf,expected
+
+typedef unsigned long size_t;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern int sprintf(char *str, const char *format, ...);
+
+#ifdef __cplusplus
+}
+#endif
+
+void call_snprintf(double d, int n, int *ptr) {
+ char buf[10];
+ __builtin_snprintf(buf, 10, "merp");
+ __builtin_snprintf(buf, 11, "merp"); // expected-warning {{'snprintf' size argument is too large; destination buffer has size 10, but size argument is 11}}
+ __builtin_snprintf(buf, 12, "%#12x", n); // kprintf-warning {{'snprintf' will always be truncated; specified size is 12, but format string expands to at least 13}} \
+ // expected-warning {{'snprintf' size argument is too large; destination buffer has size 10, but size argument is 12}}
+ __builtin_snprintf(buf, 0, "merp");
+ __builtin_snprintf(buf, 3, "merp"); // kprintf-warning {{'snprintf' will always be truncated; specified size is 3, but format string expands to at least 5}}
+ __builtin_snprintf(buf, 4, "merp"); // kprintf-warning {{'snprintf' will always be truncated; specified size is 4, but format string expands to at least 5}}
+ __builtin_snprintf(buf, 5, "merp");
+ __builtin_snprintf(buf, 1, "%.1000g", d); // kprintf-warning {{'snprintf' will always be truncated; specified size is 1, but format string expands to at least 2}}
+ __builtin_snprintf(buf, 5, "%.1000g", d);
+ __builtin_snprintf(buf, 5, "%.1000G", d);
+ __builtin_snprintf(buf, 10, " %#08x", n);
+ __builtin_snprintf(buf, 2, "%#x", n);
+ __builtin_snprintf(buf, 2, "%#X", n);
+ __builtin_snprintf(buf, 2, "%#o", n);
+ __builtin_snprintf(buf, 1, "%#x", n); // kprintf-warning {{'snprintf' will always be truncated; specified size is 1, but format string expands to at least 2}}
+ __builtin_snprintf(buf, 1, "%#X", n); // kprintf-warning {{'snprintf' will always be truncated; specified size is 1, but format string expands to at least 2}}
+ __builtin_snprintf(buf, 1, "%#o", n); // kprintf-warning {{'snprintf' will always be truncated; specified size is 1, but format string expands to at least 2}}
+ char node_name[6];
+ __builtin_snprintf(node_name, sizeof(node_name), "%pOFn", ptr); // nonkprintf-warning {{'snprintf' will always be truncated; specified size is 6, but format string expands to at least 7}}
+ __builtin_snprintf(node_name, sizeof(node_name), "12345%pOFn", ptr); // nonkprintf-warning {{'snprintf' will always be truncated; specified size is 6, but format string expands to at least 12}}
+ __builtin_snprintf(node_name, sizeof(node_name), "123456%pOFn", ptr); // nonkprintf-warning {{'snprintf' will always be truncated; specified size is 6, but format string expands to at least 13}}
+}
+
+void call_vsnprintf(void) {
+ char buf[10];
+ __builtin_va_list list;
+ __builtin_vsnprintf(buf, 10, "merp", list);
+ __builtin_vsnprintf(buf, 11, "merp", list); // expected-warning {{'vsnprintf' size argument is too large; destination buffer has size 10, but size argument is 11}}
+ __builtin_vsnprintf(buf, 0, "merp", list);
+ __builtin_vsnprintf(buf, 3, "merp", list); // kprintf-warning {{'vsnprintf' will always be truncated; specified size is 3, but format string expands to at least 5}}
+ __builtin_vsnprintf(buf, 4, "merp", list); // kprintf-warning {{'vsnprintf' will always be truncated; specified size is 4, but format string expands to at least 5}}
+ __builtin_vsnprintf(buf, 5, "merp", list);
+ __builtin_vsnprintf(buf, 1, "%.1000g", list); // kprintf-warning {{'vsnprintf' will always be truncated; specified size is 1, but format string expands to at least 2}}
+ __builtin_vsnprintf(buf, 5, "%.1000g", list);
+ __builtin_vsnprintf(buf, 5, "%.1000G", list);
+ __builtin_vsnprintf(buf, 10, " %#08x", list);
+ __builtin_vsnprintf(buf, 2, "%#x", list);
+ __builtin_vsnprintf(buf, 2, "%#X", list);
+ __builtin_vsnprintf(buf, 2, "%#o", list);
+ __builtin_vsnprintf(buf, 1, "%#x", list); // kprintf-warning {{'vsnprintf' will always be truncated; specified size is 1, but format string expands to at least 2}}
+ __builtin_vsnprintf(buf, 1, "%#X", list); // kprintf-warning {{'vsnprintf' will always be truncated; specified size is 1, but format string expands to at least 2}}
+ __builtin_vsnprintf(buf, 1, "%#o", list); // kprintf-warning {{'vsnprintf' will always be truncated; specified size is 1, but format string expands to at least 2}}
+ char node_name[6];
+ __builtin_snprintf(node_name, sizeof(node_name), "%pOFn", list); // nonkprintf-warning {{'snprintf' will always be truncated; specified size is 6, but format string expands to at least 7}}
+ __builtin_snprintf(node_name, sizeof(node_name), "12345%pOFn", list); // nonkprintf-warning {{'snprintf' will always be truncated; specified size is 6, but format string expands to at least 12}}
+ __builtin_snprintf(node_name, sizeof(node_name), "123456%pOFn", list); // nonkprintf-warning {{'snprintf' will always be truncated; specified size is 6, but format string expands to at least 13}}
+}
+
+void call_sprintf_chk(char *buf) {
+ __builtin___sprintf_chk(buf, 1, 6, "hell\n");
+ __builtin___sprintf_chk(buf, 1, 5, "hell\n"); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 5, but format string expands to at least 6}}
+ __builtin___sprintf_chk(buf, 1, 6, "hell\0 boy"); // expected-warning {{format string contains '\0' within the string body}}
+ __builtin___sprintf_chk(buf, 1, 2, "hell\0 boy"); // expected-warning {{format string contains '\0' within the string body}} \
+ // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 2, but format string expands to at least 5}}
+ __builtin___sprintf_chk(buf, 1, 6, "hello");
+ __builtin___sprintf_chk(buf, 1, 5, "hello"); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 5, but format string expands to at least 6}}
+ __builtin___sprintf_chk(buf, 1, 2, "%c", '9');
+ __builtin___sprintf_chk(buf, 1, 1, "%c", '9'); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 1, but format string expands to at least 2}}
+ __builtin___sprintf_chk(buf, 1, 2, "%d", 9);
+ __builtin___sprintf_chk(buf, 1, 1, "%d", 9); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 1, but format string expands to at least 2}}
+ __builtin___sprintf_chk(buf, 1, 2, "%i", 9);
+ __builtin___sprintf_chk(buf, 1, 1, "%i", 9); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 1, but format string expands to at least 2}}
+ __builtin___sprintf_chk(buf, 1, 2, "%o", 9);
+ __builtin___sprintf_chk(buf, 1, 1, "%o", 9); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 1, but format string expands to at least 2}}
+ __builtin___sprintf_chk(buf, 1, 2, "%u", 9);
+ __builtin___sprintf_chk(buf, 1, 1, "%u", 9); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 1, but format string expands to at least 2}}
+ __builtin___sprintf_chk(buf, 1, 2, "%x", 9);
+ __builtin___sprintf_chk(buf, 1, 1, "%x", 9); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 1, but format string expands to at least 2}}
+ __builtin___sprintf_chk(buf, 1, 2, "%X", 9);
+ __builtin___sprintf_chk(buf, 1, 1, "%X", 9); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 1, but format string expands to at least 2}}
+ __builtin___sprintf_chk(buf, 1, 2, "%hhd", (char)9);
+ __builtin___sprintf_chk(buf, 1, 1, "%hhd", (char)9); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 1, but format string expands to at least 2}}
+ __builtin___sprintf_chk(buf, 1, 2, "%hd", (short)9);
+ __builtin___sprintf_chk(buf, 1, 1, "%hd", (short)9); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 1, but format string expands to at least 2}}
+ __builtin___sprintf_chk(buf, 1, 2, "%ld", 9l);
+ __builtin___sprintf_chk(buf, 1, 1, "%ld", 9l); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 1, but format string expands to at least 2}}
+ __builtin___sprintf_chk(buf, 1, 2, "%lld", 9ll);
+ __builtin___sprintf_chk(buf, 1, 1, "%lld", 9ll); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 1, but format string expands to at least 2}}
+ __builtin___sprintf_chk(buf, 1, 2, "%%");
+ __builtin___sprintf_chk(buf, 1, 1, "%%"); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 1, but format string expands to at least 2}}
+ __builtin___sprintf_chk(buf, 1, 4, "%#x", 9);
+ __builtin___sprintf_chk(buf, 1, 3, "%#x", 9);
+ __builtin___sprintf_chk(buf, 1, 4, "%p", (void *)9);
+ __builtin___sprintf_chk(buf, 1, 3, "%p", (void *)9); // nonkprintf-warning {{'sprintf' will always overflow; destination buffer has size 3, but format string expands to at least 4}}
+ __builtin___sprintf_chk(buf, 1, 3, "%+d", 9);
+ __builtin___sprintf_chk(buf, 1, 2, "%+d", 9); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 2, but format string expands to at least 3}}
+ __builtin___sprintf_chk(buf, 1, 3, "% i", 9);
+ __builtin___sprintf_chk(buf, 1, 2, "% i", 9); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 2, but format string expands to at least 3}}
+ __builtin___sprintf_chk(buf, 1, 6, "%5d", 9);
+ __builtin___sprintf_chk(buf, 1, 5, "%5d", 9); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 5, but format string expands to at least 6}}
+ __builtin___sprintf_chk(buf, 1, 9, "%f", 9.f);
+ __builtin___sprintf_chk(buf, 1, 8, "%f", 9.f); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 8, but format string expands to at least 9}}
+ __builtin___sprintf_chk(buf, 1, 9, "%Lf", (long double)9.);
+ __builtin___sprintf_chk(buf, 1, 8, "%Lf", (long double)9.); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 8, but format string expands to at least 9}}
+ __builtin___sprintf_chk(buf, 1, 10, "%+f", 9.f);
+ __builtin___sprintf_chk(buf, 1, 9, "%+f", 9.f); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 9, but format string expands to at least 10}}
+ __builtin___sprintf_chk(buf, 1, 12, "%e", 9.f);
+ __builtin___sprintf_chk(buf, 1, 11, "%e", 9.f); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 11, but format string expands to at least 12}}
+}
+
+void call_sprintf(void) {
+ char buf[6];
+ sprintf(buf, "hell\0 boy"); // expected-warning {{format string contains '\0' within the string body}}
+ sprintf(buf, "hello b\0y"); // expected-warning {{format string contains '\0' within the string body}} \
+ // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 8}}
+ sprintf(buf, "hello");
+ sprintf(buf, "hello!"); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 7}}
+ sprintf(buf, "1234%%");
+ sprintf(buf, "12345%%"); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 7}}
+ sprintf(buf, "1234%c", '9');
+ sprintf(buf, "12345%c", '9'); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 7}}
+ sprintf(buf, "1234%d", 9);
+ sprintf(buf, "12345%d", 9); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 7}}
+ sprintf(buf, "1234%lld", 9ll);
+ sprintf(buf, "12345%lld", 9ll); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 7}}
+ sprintf(buf, "12%#x", 9);
+ sprintf(buf, "123%#x", 9);
+ sprintf(buf, "12%p", (void *)9);
+ sprintf(buf, "123%p", (void *)9); // nonkprintf-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 7}}
+ sprintf(buf, "123%+d", 9);
+ sprintf(buf, "1234%+d", 9); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 7}}
+ sprintf(buf, "123% i", 9);
+ sprintf(buf, "1234% i", 9); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 7}}
+ sprintf(buf, "%5d", 9);
+ sprintf(buf, "1%5d", 9); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 7}}
+ sprintf(buf, "%.3f", 9.f);
+ sprintf(buf, "5%.3f", 9.f); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 7}}
+ sprintf(buf, "%+.2f", 9.f);
+ sprintf(buf, "%+.3f", 9.f); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 7}}
+ sprintf(buf, "%.0e", 9.f);
+ sprintf(buf, "5%.1e", 9.f); // kprintf-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 8}}
+}
diff --git a/clang/test/Sema/warn-fortify-source.c b/clang/test/Sema/warn-fortify-source.c
index de6171af8c14524..a12460b963cd00f 100644
--- a/clang/test/Sema/warn-fortify-source.c
+++ b/clang/test/Sema/warn-fortify-source.c
@@ -2,8 +2,6 @@
// RUN: %clang_cc1 -triple x86_64-apple-macosx10.14.0 %s -verify -DUSE_BUILTINS
// RUN: %clang_cc1 -xc++ -triple x86_64-apple-macosx10.14.0 %s -verify
// RUN: %clang_cc1 -xc++ -triple x86_64-apple-macosx10.14.0 %s -verify -DUSE_BUILTINS
-// RUN: %clang_cc1 -triple x86_64-apple-macosx10.14.0 -Wno-fortify-source %s -verify=nofortify
-// RUN: %clang_cc1 -xc++ -triple x86_64-apple-macosx10.14.0 -Wno-fortify-source %s -verify=nofortify
typedef unsigned long size_t;
@@ -129,11 +127,9 @@ void call_vsnprintf(void) {
void call_sprintf_chk(char *buf) {
__builtin___sprintf_chk(buf, 1, 6, "hell\n");
__builtin___sprintf_chk(buf, 1, 5, "hell\n"); // expected-warning {{'sprintf' will always overflow; destination buffer has size 5, but format string expands to at least 6}}
- __builtin___sprintf_chk(buf, 1, 6, "hell\0 boy"); // expected-warning {{format string contains '\0' within the string body}} \
- // nofortify-warning {{format string contains '\0' within the string body}}
+ __builtin___sprintf_chk(buf, 1, 6, "hell\0 boy"); // expected-warning {{format string contains '\0' within the string body}}
__builtin___sprintf_chk(buf, 1, 2, "hell\0 boy"); // expected-warning {{format string contains '\0' within the string body}} \
- // nofortify-warning {{format string contains '\0' within the string body}}
- // expected-warning at -2 {{'sprintf' will always overflow; destination buffer has size 2, but format string expands to at least 5}}
+ // expected-warning {{'sprintf' will always overflow; destination buffer has size 2, but format string expands to at least 5}}
__builtin___sprintf_chk(buf, 1, 6, "hello");
__builtin___sprintf_chk(buf, 1, 5, "hello"); // expected-warning {{'sprintf' will always overflow; destination buffer has size 5, but format string expands to at least 6}}
__builtin___sprintf_chk(buf, 1, 2, "%c", '9');
@@ -182,11 +178,9 @@ void call_sprintf_chk(char *buf) {
void call_sprintf(void) {
char buf[6];
- sprintf(buf, "hell\0 boy"); // expected-warning {{format string contains '\0' within the string body}} \
- // nofortify-warning {{format string contains '\0' within the string body}}
+ sprintf(buf, "hell\0 boy"); // expected-warning {{format string contains '\0' within the string body}}
sprintf(buf, "hello b\0y"); // expected-warning {{format string contains '\0' within the string body}} \
- // nofortify-warning {{format string contains '\0' within the string body}}
- // expected-warning at -2 {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 8}}
+ // expected-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 8}}
sprintf(buf, "hello");
sprintf(buf, "hello!"); // expected-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 7}}
sprintf(buf, "1234%%");
More information about the cfe-commits
mailing list