[LLVMbugs] [Bug 19200] New: clang fails to warn about NSPredicate format string mistakes

[bugzilla-daemon at llvm.org]

http://llvm.org/bugs/show_bug.cgi?id=19200

            Bug ID: 19200
           Summary: clang fails to warn about NSPredicate format string
                    mistakes
           Product: new-bugs
           Version: trunk
          Hardware: Macintosh
                OS: MacOS X
            Status: NEW
          Severity: normal
          Priority: P
         Component: new bugs
          Assignee: unassignedbugs at nondot.org
          Reporter: sean at rogue-research.com
                CC: llvmbugs at cs.uiuc.edu
    Classification: Unclassified

Mistakes with format strings are a well-known security issue, and compilers
warn in many cases.

clang fails to warn here however:

-----------------------
#import <Foundation/Foundation.h>

int main (void)
{
  NSPredicate* predicate = [NSPredicate predicateWithFormat:@"foo == %d"];

  return !!predicate;
}
-----------------------

$ clang --version
clang version 3.5.0 (204240)
Target: x86_64-apple-darwin12.5.0
Thread model: posix


$ clang -Weverything -fsyntax-only ~/test.m

<no warnings given>

According to Greg Parker, "The problem is that +predicateWithFormat: accepts
conversions that are not part of NSString's format string syntax. Adding format
string warnings for new format string syntaxes requires compiler changes."

See also <rdar://10699748>.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20140319/998e5db1/attachment.html>