[clang] [NFC][analyzer] Add testcase to highlight GenericTaint bug (PR #132765)

DonĂ¡t Nagy via cfe-commits cfe-commits at lists.llvm.org
Mon Mar 24 09:04:14 PDT 2025 

https://github.com/NagyDonat created https://github.com/llvm/llvm-project/pull/132765

Currently `optin.taint.GenericTaint` can produce false positives if a [format attribute](https://clang.llvm.org/docs/AttributeReference.html#format) is applied on a non-static method.

This commit adds a testcase that highlights this buggy behavior.

-----

I will probably extend this PR with a fix that resolves this bug.

>From f0ac1f6c223b3bfce25ba0183ba1aa2825c455ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Don=C3=A1t=20Nagy?= <donat.nagy at ericsson.com>
Date: Mon, 24 Mar 2025 16:58:31 +0100
Subject: [PATCH] [NFC][analyzer] Add testcase to highlight GenericTaint bug

Currently `optin.taint.GenericTaint` can produce false positives if a
[format attribute](https://clang.llvm.org/docs/AttributeReference.html#format)
is applied on a non-static method.

This commit adds a testcase that highlights this buggy behavior.
---
 clang/test/Analysis/taint-generic.cpp | 43 +++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)

diff --git a/clang/test/Analysis/taint-generic.cpp b/clang/test/Analysis/taint-generic.cpp
index 8836e1d3d2d98..41fbe313d2b44 100644
--- a/clang/test/Analysis/taint-generic.cpp
+++ b/clang/test/Analysis/taint-generic.cpp
@@ -161,3 +161,46 @@ void top() {
   clang_analyzer_isTainted(A.data); // expected-warning {{YES}}
 }
 } // namespace gh114270
+
+
+namespace format_attribute {
+__attribute__((__format__ (__printf__, 1, 2)))
+void log_nonmethod(const char *fmt, ...);
+
+void test_format_attribute_nonmethod() {
+  int n;
+  fscanf(stdin, "%d", &n); // Get a tainted value.
+                           
+  log_nonmethod("This number is suspicious: %d\n", n); // no-warning
+}
+
+struct Foo {
+  // When the format attribute is applied to a method, argumet '1' is the
+  // implicit `this`, so e.g. in this case argument '2' specifies `fmt`.
+  // Specifying '1' instead of '2' would produce a compilation error:
+  // "format attribute cannot specify the implicit this argument as the format string"
+  __attribute__((__format__ (__printf__, 2, 3)))
+  void log_method(const char *fmt, ...);
+
+  void test_format_attribute_method() {
+    int n;
+    fscanf(stdin, "%d", &n); // Get a tainted value.
+                             
+    // FIXME: The analyzer misinterprets the parameter indices in the format
+    // attribute when the format attribute is applied to a method.
+    log_method("This number is suspicious: %d\n", n);
+    // expected-warning at -1 {{Untrusted data is used as a format string}}
+  }
+
+  __attribute__((__format__ (__printf__, 1, 2)))
+  static void log_static_method(const char *fmt, ...);
+
+  void test_format_attribute_static_method() {
+    int n;
+    fscanf(stdin, "%d", &n); // Get a tainted value.
+                             
+    log_static_method("This number is suspicious: %d\n", n); // no-warning
+  }
+};
+
+} // namespace format_attribute

More information about the cfe-commits mailing list