[llvm-bugs] [Bug 26644] New: False positive "format string is not a string literal", SARD #149064

via llvm-bugs llvm-bugs at lists.llvm.org
Tue Feb 16 17:13:25 PST 2016 

https://llvm.org/bugs/show_bug.cgi?id=26644

            Bug ID: 26644
           Summary: False positive  "format string is not a string
                    literal", SARD #149064
           Product: clang
           Version: unspecified
          Hardware: PC
                OS: Windows NT
            Status: NEW
          Severity: normal
          Priority: P
         Component: Static Analyzer
          Assignee: kremenek at apple.com
          Reporter: test35965 at gmail.com
                CC: llvm-bugs at lists.llvm.org
    Classification: Unclassified

(This is the first bug report discovered by one of the SARD tests that I'm
integrating)

The attached file, downloaded from the page at:
https://samate.nist.gov/SARD/view_testcase.php?tID=149064

...file url: https://samate.nist.gov/SARD/testcases/000/149/064/fmt5-good.c

causes a false positive "format string is not a string literal".


The function in question:

void
test(char *fmt, char *str)
{
    printf(fmt, str);    /* FIX */
}

Is called with string literals as fmt:

    if(userstr[0] == '!')
        test("<%s>", userstr);
    else 
        test("[%s]", userstr);


...this may not be visible from a local analysis of `test`, which would cause
the warning.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20160217/41f86ff5/attachment-0001.html>

More information about the llvm-bugs mailing list