[cfe-dev] proposed patch: detecting non-constant format strings in printf calls
Ted Kremenek
kremenek at apple.com
Fri Aug 10 12:18:19 PDT 2007
I've coded up some support in clang to flag warnings for non-constant
format strings used in calls to printf-like functions (all the
functions listed in "man fprintf"). Non-constant format strings are a
source of many security exploits in C/C++ programs, and I believe are
currently detected by gcc using the flag -Wformat-nonliteral.

I've attached a patch that adds this support. I've also included two
new files not under version control, including one file for regression
testing.

I plan on adding additional checking for format strings.

Patch affects:
include/clang/Basic/DiagnosticKinds.def
Sema/SemaExpr.cpp
Sema/Sema.cpp
Sema/Sema.h

New files:
in Sema/: SemaChecking.cpp
in test/: format-strings.c
-------------- next part --------------
A non-text attachment was scrubbed...
Name: format_string.patch
Type: application/octet-stream
Size: 4860 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20070810/a68884e5/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SemaChecking.cpp
Type: application/octet-stream
Size: 3666 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20070810/a68884e5/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: format-strings.c
Type: application/octet-stream
Size: 982 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20070810/a68884e5/attachment-0002.obj>
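
The call pattern this kind of warning targets, next to the literal-format fix, as an added example that is not part of the original post or the attached patch. The function names and the sample input are hypothetical; the pragmas silence the compiler's own diagnostics (-Wformat-nonliteral, and the related -Wformat-security in gcc and clang) only so the demo builds cleanly.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample input: user-supplied text that happens to contain '%'.
 * Every '%' is doubled, so using it as a format is well defined. */
static const char SAMPLE_INPUT[] = "disk at 100%% (see %%TEMP%%)";

/* Flagged pattern: caller-controlled text is passed as the format string.
 * Remove the pragmas and build with -Wformat-nonliteral to see the warning. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
#pragma GCC diagnostic ignored "-Wformat-security"
int render_nonliteral(char *out, size_t n, const char *user_text)
{
    return snprintf(out, n, user_text);        /* format is not a literal */
}
#pragma GCC diagnostic pop

/* Fixed pattern: the format is a string literal; user text is only data. */
int render_literal(char *out, size_t n, const char *user_text)
{
    return snprintf(out, n, "%s", user_text);
}

/* Returns 1 when the rendered output equals the input byte for byte. */
int preserved(const char *in, const char *out)
{
    return strcmp(in, out) == 0;
}

int main(void)
{
    char a[64], b[64];

    render_literal(a, sizeof a, SAMPLE_INPUT);
    render_nonliteral(b, sizeof b, SAMPLE_INPUT);

    /* The literal-format call copies the text unchanged. The non-literal
     * call interprets it as directives, so each "%%" collapses to "%". */
    printf("literal    : %s (preserved=%d)\n", a, preserved(SAMPLE_INPUT, a));
    printf("non-literal: %s (preserved=%d)\n", b, preserved(SAMPLE_INPUT, b));
    return 0;
}
```

The differing output shows that the printf family parses the first call's input as directives rather than treating it as data, which is why a compile-time check on the format argument is useful.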