[LLVMbugs] [Bug 17886] New: Incorrect security warning when format string is conditional between two constants
bugzilla-daemon at llvm.org
Mon Nov 11 15:22:31 PST 2013
http://llvm.org/bugs/show_bug.cgi?id=17886
Bug ID: 17886
Summary: Incorrect security warning when format string is conditional between two constants
Product: clang
Version: trunk
Hardware: Macintosh
OS: MacOS X
Status: NEW
Severity: normal
Priority: P
Component: -New Bugs
Assignee: unassignedclangbugs at nondot.org
Reporter: tjw at me.com
CC: llvmbugs at cs.uiuc.edu
Classification: Unclassified
Created attachment 11522
--> http://llvm.org/bugs/attachment.cgi?id=11522&action=edit
sample case
Rather than having excessively long calls to functions like
NSRunInformationalAlertPanel(), it is (extremely) common to declare the
parameters individually first.
clang-sa now spuriously warns on this case. It should also avoid warning on
simple conditionals that result in the same 'kind' of format string, with
exactly the same format specifiers in the same order. Note that this should
exclude '%%' specifiers or other specifiers that don't consume arguments.
See the attached sample.
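An added example, not part of the original report or its attachment: a small C check for the rule proposed above, that two constant format strings are the same 'kind' when they consume the same arguments in the same order, with '%%' ignored. The function names and the sample format strings are constructed for illustration, and positional arguments (%1$s) are assumed not to occur.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: write one token per consumed argument into out
 * ('*' for a star width/precision, else length modifier + conversion).
 * "%%" consumes nothing and is skipped. Returns 0, or -1 on a dangling
 * '%' or when out is too small. */
static int fmt_signature(const char *fmt, char *out, size_t outsz)
{
    size_t n = 0;
    if (outsz == 0) return -1;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;                 /* literal percent sign */
        while (*p && strchr("-+ #'0123456789.*", *p)) {
            if (*p == '*') {                     /* star takes an int argument */
                if (n + 2 >= outsz) return -1;
                out[n++] = '*'; out[n++] = ',';
            }
            p++;
        }
        while (*p && strchr("hlqjztL", *p)) {    /* length modifier: part of the type */
            if (n + 1 >= outsz) return -1;
            out[n++] = *p++;
        }
        if (*p == '\0' || n + 2 >= outsz) return -1;
        out[n++] = *p; out[n++] = ',';           /* conversion: d, s, @, ... */
    }
    out[n] = '\0';
    return 0;
}

/* 1 if both formats consume the same argument types in the same order. */
static int fmt_same_kind(const char *a, const char *b)
{
    char sa[128], sb[128];
    if (fmt_signature(a, sa, sizeof sa) || fmt_signature(b, sb, sizeof sb))
        return 0;                                /* malformed: treat as unsafe */
    return strcmp(sa, sb) == 0;
}

int main(void)
{
    /* Constructed pair, as in: fmt = failed ? failed_fmt : ok_fmt; */
    const char *failed_fmt = "Upload of %s failed (%d%% done)";
    const char *ok_fmt     = "Upload of %s finished in %d seconds";
    printf("same kind: %d\n", fmt_same_kind(failed_fmt, ok_fmt));
    printf("reordered: %d\n", fmt_same_kind("%s: %d", "%d: %s"));
    return 0;
}
```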