[cfe-dev] proposed patch: detecting non-constant format strings in printf calls
clattner at apple.com
Fri Aug 10 13:23:13 PDT 2007
On Aug 10, 2007, at 12:18 PM, Ted Kremenek wrote:
> I've coded up some support in clang to flag warnings for non-
> constant format strings used in calls to printf-like functions (all
> the functions listed in "man fprintf"). Non-constant format
> strings are a source of many security exploits in C/C++ programs,
> and I believe are currently detected by gcc using the flag -Wformat-
> I've attached a patch that adds this support. I've also included
> two new files not under version control, including one file for
> regression testing.

Looks great, applied!

> I plan on adding additional checking for format strings.
> Patch affects:
> New files:
> in Sema/: SemaChecking.cpp
> in test/: format-strings.c
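
An added illustration, not part of this thread or of the attached patch, of the pattern a non-constant format string warning targets: the same text passed as the format argument and then as data under a literal format. The function names `render_unsafe` and `render_safe` and the sample message are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* BEFORE: caller-supplied text is used as the format string, so any
 * '%' directive inside it is interpreted by snprintf. GCC and Clang
 * report this pattern under -Wformat-security / -Wformat-nonliteral.
 * The diagnostics are silenced here only so the "before" case builds
 * cleanly next to the fix. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int render_unsafe(char *out, size_t n, const char *msg)
{
    return snprintf(out, n, msg);
}
#pragma GCC diagnostic pop

/* AFTER: the format is a string literal and the text is only data. */
int render_safe(char *out, size_t n, const char *msg)
{
    return snprintf(out, n, "%s", msg);
}

int main(void)
{
    /* Constructed sample input. "%%" is a directive that consumes no
     * argument, so both calls are well defined. */
    const char *msg = "disk at 90%% capacity";
    char a[64], b[64];

    render_unsafe(a, sizeof a, msg);  /* directive interpreted: text changes */
    render_safe(b, sizeof b, msg);    /* text copied through unchanged */
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return 0;
}
```

The two outputs differ because the first call parses the message as a format; with a literal format the message can never be parsed that way, whatever it contains.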