[PATCH] Sanitize printf functions

Yury Gribov tetra2005 at gmail.com
Fri Jan 17 03:26:33 PST 2014



================
Comment at: lib/sanitizer_common/sanitizer_common_interceptors_scanf.inc:30
@@ +29,3 @@
+    p = parse_number(p, out);
+    if (*out <= 0)
+      return 0;
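Review bot: The `if (*out <= 0) return 0;` check needs a comment (or a more descriptive function name, as asked earlier in the thread) stating which values it rejects and why, since it silently turns a parsed value of 0 into a failure return and the thread itself establishes that widths and precisions are unsigned for both scanf and printf, with printf additionally allowing a `-` or `+` flag in front of the width; if this helper is shared with the printf interceptor, the comment should say how that case is handled.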
----------------
Alexey Samsonov wrote:
> Evgeniy Stepanov wrote:
> > Yury Gribov wrote:
> > > Alexey Samsonov wrote:
> > > > Please clarify in function name or comment why "0" or "-0" are unexpected.
> > > This is Evgeniy's code so I have no idea.
> > Could it be different for printf vs scanf?
> See above
Closer study of the scanf/printf spec reveals that width/precision are unsigned for both printf and scanf. But printf may have a '-' or '+' flag in front of the width.

Anyway, I don't know why you check for <= 0 here.

================
Comment at: lib/sanitizer_common/sanitizer_common_interceptors_scanf.inc:348
@@ -300,1 +347,3 @@
+    if (size == FSS_INVALID) {
+      Report("WARNING: unexpected format specifier in scanf interceptor\n");
       break;
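Review bot: The `Report("WARNING: unexpected format specifier in scanf interceptor\n")` call gives the user no way to tell which specifier failed or where in the format string it sits, so in a large program the message cannot be acted on; pass the offending specifier text (or at least the format string) to `Report`, for example by remembering pointers to the start and end of the specifier as proposed in the thread, and consider emitting it through `VReport` at a verbosity level so that ordinary runs are not flooded.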
----------------
Evgeniy Stepanov wrote:
> Yury Gribov wrote:
> > Alexey Samsonov wrote:
> > > I don't like this diagnostics: we don't even print what this unknown specifier is. We should either do this, or silently exit.
> > This warning is mainly to inform us that we failed to parse some format spec, and I think it's rather important for debugging purposes. What if I replace it with VReport(1, ...)?
> The warning is good, but to be useful it should print a bit more info. Otherwise in a big program it is not at all clear what to do about it.
> 
The best solution would be to remember pointers to the beginning and end of the specifier in the format string. We can then use them to print the specifier here.


http://llvm-reviews.chandlerc.com/D2480
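One concrete shape of the fix proposed above, written here as an added example and not taken from the patch or the sanitizer sources: the parser records where a scanf conversion specifier begins and ends so that the warning can quote it, and it rejects a zero width as the `<= 0` check does. The names `parse_spec` and `describe_invalid`, and the small set of accepted conversion characters, are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { SPEC_INVALID = 0, SPEC_OK = 1 };

/* Hypothetical record of one parsed "%[width]conv" specifier. */
struct spec {
  const char *begin;  /* points at the '%' */
  const char *end;    /* one past the last character consumed */
  int width;          /* 0 when no width was given */
  char conv;          /* conversion character, e.g. 'd' */
};

/* Parses the specifier starting at p.  Returns SPEC_OK and fills *s, or
   SPEC_INVALID with begin/end still set so the caller can quote the text.
   Only "dius" are treated as valid conversions in this example. */
int parse_spec(const char *p, struct spec *s) {
  if (*p != '%') return SPEC_INVALID;
  s->begin = p++;
  s->width = 0;
  s->conv = 0;
  if (*p >= '0' && *p <= '9') {
    int n = 0;
    while (*p >= '0' && *p <= '9') n = n * 10 + (*p++ - '0');
    /* scanf field widths are unsigned and must be nonzero: "%0d" is invalid. */
    if (n <= 0) { s->end = p; return SPEC_INVALID; }
    s->width = n;
  }
  /* Guard against '\0' explicitly: strchr() would otherwise match the terminator. */
  if (*p == '\0' || !strchr("dius", *p)) {
    s->end = *p ? p + 1 : p;
    return SPEC_INVALID;
  }
  s->conv = *p;
  s->end = p + 1;
  return SPEC_OK;
}

/* Builds the diagnostic text, quoting the offending specifier bytes. */
int describe_invalid(const struct spec *s, char *buf, size_t buflen) {
  return snprintf(buf, buflen,
                  "WARNING: unexpected format specifier '%.*s' in scanf interceptor",
                  (int)(s->end - s->begin), s->begin);
}
```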