This is an archive of the discontinued LLVM Phabricator instance.

Other than the clang-format issues, this looks fine. However, I'm not really knowledgable enough/the owner of the Fuschia/Android stuff, so I'd prefer an approval 'in concept' come from someone more involved with that.

Conditionally apply clang-format suggestions. It doesn't make sense to apply the suggestions in the tests because the style would diverge from the rest of the file.

+enh to review Android changes.

Harbormaster completed remote builds in B144297: Diff 401236.Jan 19 2022, 8:42 AM

@srhines can you also take a look at the Android changes or suggest other reviewers?

In D117611#3256089, @phosek wrote:

@srhines can you also take a look at the Android changes or suggest other reviewers?

sorry, took me this long to log in :-(

yeah, lgtm, thanks! %n hasn't worked for about 10 years; it changed from being silently ignored (which, in retrospect, was a cure every bit as bad as the disease) to causing a FORTIFY abort in Q/API 29. but, yeah, since it doesn't do what the C standard says in any version of Android that the NDK still supports, it makes sense for clang to just reject it regardless of API level.

enh accepted this revision.Jan 19 2022, 1:27 PM

This revision is now accepted and ready to land.Jan 19 2022, 1:27 PM

In D117611#3256094, @enh wrote:

In D117611#3256089, @phosek wrote:

@srhines can you also take a look at the Android changes or suggest other reviewers?

sorry, took me this long to log in :-(

yeah, lgtm, thanks! %n hasn't worked for about 10 years; it changed from being silently ignored (which, in retrospect, was a cure every bit as bad as the disease) to causing a FORTIFY abort in Q/API 29. but, yeah, since it doesn't do what the C standard says in any version of Android that the NDK still supports, it makes sense for clang to just reject it regardless of API level.

in case anyone's thinking "citation needed": search for %n on https://android.googlesource.com/platform/bionic/+/master/docs/status.md

In D117611#3256097, @enh wrote:

In D117611#3256094, @enh wrote:

In D117611#3256089, @phosek wrote:

@srhines can you also take a look at the Android changes or suggest other reviewers?

sorry, took me this long to log in :-(

yeah, lgtm, thanks! %n hasn't worked for about 10 years; it changed from being silently ignored (which, in retrospect, was a cure every bit as bad as the disease) to causing a FORTIFY abort in Q/API 29. but, yeah, since it doesn't do what the C standard says in any version of Android that the NDK still supports, it makes sense for clang to just reject it regardless of API level.

in case anyone's thinking "citation needed": search for %n on https://android.googlesource.com/platform/bionic/+/master/docs/status.md

and in case anyone's thinking "please don't be so lazy --- go and look up when %n was _initially_ disabled!", it was so long ago that we weren't even using git for version control back then, and the corresponding bug has gone out of retention, so i literally don't have the history left. given that, i think "forever" is a good approximation :-)

Closed by commit rGcd4e600f5f5c: [Sema] Warn about printf %n on Android and Fuchsia (authored by abrachet). · Explain WhyJan 21 2022, 1:01 PM

This revision was automatically updated to reflect the committed changes.

abrachet added a commit: rGcd4e600f5f5c: [Sema] Warn about printf %n on Android and Fuchsia.

Herald added a project: Restricted Project. · View Herald TranscriptJan 21 2022, 1:01 PM

Herald added a subscriber: cfe-commits. · View Herald Transcript

This doesn't leave much room to use __attribute__((format(printf))) on custom printf implementations that do support %n on Android does it?

In D117611#3339137, @glandium wrote:

This doesn't leave much room to use __attribute__((format(printf))) on custom printf implementations that do support %n on Android does it?

+1 to this point; whether this is or is not supported depends on which libc the user is linking against.

In D117611#3339137, @glandium wrote:

This doesn't leave much room to use __attribute__((format(printf))) on custom printf implementations that do support %n on Android does it?

it would be pretty hard to get into that situation though? apps are clones of the zygote, so you don't have any choice over your libc on Android: it's all bionic, all the time. (our seccomp policies also mean "good luck trying to run a static musl/glibc binary".) clang's Android target already assumes bionic in other ways --- things like whether math functions set errno, or whatever, so this seems in keeping to me.

ah, you don't mean *printf* implementations, you mean "other functions that take printf arguments"? yeah, that's a more interesting case. though that one's already broken: there's already no way to say what subset of printf formats you do/don't support. (all the ones in the Android OS itself are all subsets of the bionic printf; many equal, but several *much* smaller. that would be a pretty cool thing to be able to specify, but that's a much bigger bug, and this change brings us closer to reality than we currently are, for the 99% case :-) )

Revision Contents

Path

Size

clang/

include/

clang/

AST/

FormatString.h

3 lines

Basic/

DiagnosticSemaKinds.td

3 lines

lib/

AST/

OSLog.cpp

4 lines

PrintfFormatString.cpp

2 lines

Sema/

SemaChecking.cpp

24 lines

test/

FixIt/

format.m

16 lines

Sema/

format-strings.c

84 lines

Diff 402090

clang/include/clang/AST/FormatString.h

Show First 20 Lines • Show All 720 Lines • ▼ Show 20 Lines	virtual bool HandleInvalidPrintfConversionSpecifier(
const analyze_printf::PrintfSpecifier &FS,		const analyze_printf::PrintfSpecifier &FS,
const char *startSpecifier,		const char *startSpecifier,
unsigned specifierLen) {		unsigned specifierLen) {
return true;		return true;
}		}

virtual bool HandlePrintfSpecifier(const analyze_printf::PrintfSpecifier &FS,		virtual bool HandlePrintfSpecifier(const analyze_printf::PrintfSpecifier &FS,
const char *startSpecifier,		const char *startSpecifier,
unsigned specifierLen) {		unsigned specifierLen,
		const TargetInfo &Target) {
return true;		return true;
}		}

/// Handle mask types whose sizes are not between one and eight bytes.		/// Handle mask types whose sizes are not between one and eight bytes.
virtual void handleInvalidMaskType(StringRef MaskType) {}		virtual void handleInvalidMaskType(StringRef MaskType) {}

// Scanf-specific handlers.		// Scanf-specific handlers.

Show All 36 Lines

clang/include/clang/Basic/DiagnosticSemaKinds.td

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 9,363 Lines • ▼ Show 20 Lines	def warn_printf_empty_objc_flag: Warning<
"missing object format flag">,		"missing object format flag">,
InGroup<Format>;		InGroup<Format>;
def warn_printf_ObjCflags_without_ObjCConversion: Warning<		def warn_printf_ObjCflags_without_ObjCConversion: Warning<
"object format flags cannot be used with '%0' conversion specifier">,		"object format flags cannot be used with '%0' conversion specifier">,
InGroup<Format>;		InGroup<Format>;
def warn_printf_invalid_objc_flag: Warning<		def warn_printf_invalid_objc_flag: Warning<
"'%0' is not a valid object format flag">,		"'%0' is not a valid object format flag">,
InGroup<Format>;		InGroup<Format>;
		def warn_printf_narg_not_supported : Warning<
		"'%%n' specifier not supported on this platform">,
		InGroup<Format>;
def warn_scanf_scanlist_incomplete : Warning<		def warn_scanf_scanlist_incomplete : Warning<
"no closing ']' for '%%[' in scanf format string">,		"no closing ']' for '%%[' in scanf format string">,
InGroup<Format>;		InGroup<Format>;
def warn_format_bool_as_character : Warning<		def warn_format_bool_as_character : Warning<
"using '%0' format specifier, but argument has boolean value">,		"using '%0' format specifier, but argument has boolean value">,
InGroup<Format>;		InGroup<Format>;
def note_format_string_defined : Note<"format string is defined here">;		def note_format_string_defined : Note<"format string is defined here">;
def note_format_fix_specifier : Note<"did you mean to use '%0'?">;		def note_format_fix_specifier : Note<"did you mean to use '%0'?">;
▲ Show 20 Lines • Show All 2,090 Lines • Show Last 20 Lines

clang/lib/AST/OSLog.cpp

Show First 20 Lines • Show All 50 Lines • ▼ Show 20 Lines	private:
}		}

public:		public:
OSLogFormatStringHandler(ArrayRef<const Expr *> Args) : Args(Args) {		OSLogFormatStringHandler(ArrayRef<const Expr *> Args) : Args(Args) {
ArgsData.reserve(Args.size());		ArgsData.reserve(Args.size());
}		}

bool HandlePrintfSpecifier(const analyze_printf::PrintfSpecifier &FS,		bool HandlePrintfSpecifier(const analyze_printf::PrintfSpecifier &FS,
const char *StartSpecifier,		const char *StartSpecifier, unsigned SpecifierLen,
unsigned SpecifierLen) override {		const TargetInfo &) override {
if (!FS.consumesDataArgument() &&		if (!FS.consumesDataArgument() &&
FS.getConversionSpecifier().getKind() !=		FS.getConversionSpecifier().getKind() !=
clang::analyze_format_string::ConversionSpecifier::PrintErrno)		clang::analyze_format_string::ConversionSpecifier::PrintErrno)
return true;		return true;

ArgsData.emplace_back();		ArgsData.emplace_back();
unsigned ArgIndex = FS.getArgIndex();		unsigned ArgIndex = FS.getArgIndex();
if (ArgIndex < Args.size())		if (ArgIndex < Args.size())
▲ Show 20 Lines • Show All 144 Lines • Show Last 20 Lines

clang/lib/AST/PrintfFormatString.cpp

Show First 20 Lines • Show All 422 Lines • ▼ Show 20 Lines	while (I != E) {
if (FSR.shouldStop())		if (FSR.shouldStop())
return true;		return true;
// Did we exhaust the string or encounter an error that		// Did we exhaust the string or encounter an error that
// we can recover from?		// we can recover from?
if (!FSR.hasValue())		if (!FSR.hasValue())
continue;		continue;
// We have a format specifier. Pass it to the callback.		// We have a format specifier. Pass it to the callback.
if (!H.HandlePrintfSpecifier(FSR.getValue(), FSR.getStart(),		if (!H.HandlePrintfSpecifier(FSR.getValue(), FSR.getStart(),
I - FSR.getStart()))		I - FSR.getStart(), Target))
return true;		return true;
}		}
assert(I == E && "Format string not exhausted");		assert(I == E && "Format string not exhausted");
return false;		return false;
}		}

bool clang::analyze_format_string::ParseFormatStringHasSArg(const char *I,		bool clang::analyze_format_string::ParseFormatStringHasSArg(const char *I,
const char *E,		const char *E,
▲ Show 20 Lines • Show All 687 Lines • Show Last 20 Lines

clang/lib/Sema/SemaChecking.cpp

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 493 Lines • ▼ Show 20 Lines	class EstimateSizeFormatHandler
size_t Size;		size_t Size;

public:		public:
EstimateSizeFormatHandler(StringRef Format)		EstimateSizeFormatHandler(StringRef Format)
: Size(std::min(Format.find(0), Format.size()) +		: Size(std::min(Format.find(0), Format.size()) +
1 /* null byte always written by sprintf */) {}		1 /* null byte always written by sprintf */) {}

bool HandlePrintfSpecifier(const analyze_printf::PrintfSpecifier &FS,		bool HandlePrintfSpecifier(const analyze_printf::PrintfSpecifier &FS,
const char *, unsigned SpecifierLen) override {		const char *, unsigned SpecifierLen,
		const TargetInfo &) override {

const size_t FieldWidth = computeFieldWidth(FS);		const size_t FieldWidth = computeFieldWidth(FS);
const size_t Precision = computePrecision(FS);		const size_t Precision = computePrecision(FS);

// The actual format.		// The actual format.
switch (FS.getConversionSpecifier().getKind()) {		switch (FS.getConversionSpecifier().getKind()) {
// Just a char.		// Just a char.
case analyze_format_string::ConversionSpecifier::cArg:		case analyze_format_string::ConversionSpecifier::cArg:
▲ Show 20 Lines • Show All 8,393 Lines • ▼ Show 20 Lines	public:
bool HandleInvalidPrintfConversionSpecifier(		bool HandleInvalidPrintfConversionSpecifier(
const analyze_printf::PrintfSpecifier &FS,		const analyze_printf::PrintfSpecifier &FS,
const char *startSpecifier,		const char *startSpecifier,
unsigned specifierLen) override;		unsigned specifierLen) override;

void handleInvalidMaskType(StringRef MaskType) override;		void handleInvalidMaskType(StringRef MaskType) override;

bool HandlePrintfSpecifier(const analyze_printf::PrintfSpecifier &FS,		bool HandlePrintfSpecifier(const analyze_printf::PrintfSpecifier &FS,
const char *startSpecifier,		const char *startSpecifier, unsigned specifierLen,
unsigned specifierLen) override;		const TargetInfo &Target) override;
bool checkFormatExpr(const analyze_printf::PrintfSpecifier &FS,		bool checkFormatExpr(const analyze_printf::PrintfSpecifier &FS,
const char *StartSpecifier,		const char *StartSpecifier,
unsigned SpecifierLen,		unsigned SpecifierLen,
const Expr *E);		const Expr *E);

bool HandleAmount(const analyze_format_string::OptionalAmount &Amt, unsigned k,		bool HandleAmount(const analyze_format_string::OptionalAmount &Amt, unsigned k,
const char *startSpecifier, unsigned specifierLen);		const char *startSpecifier, unsigned specifierLen);
void HandleInvalidAmount(const analyze_printf::PrintfSpecifier &FS,		void HandleInvalidAmount(const analyze_printf::PrintfSpecifier &FS,
▲ Show 20 Lines • Show All 242 Lines • ▼ Show 20 Lines	if (Method->getMinRequiredArguments() == 0 &&
<< "c_str()" << FixItHint::CreateInsertion(EndLoc, ".c_str()");		<< "c_str()" << FixItHint::CreateInsertion(EndLoc, ".c_str()");
return true;		return true;
}		}
}		}

return false;		return false;
}		}

bool		bool CheckPrintfHandler::HandlePrintfSpecifier(
CheckPrintfHandler::HandlePrintfSpecifier(const analyze_printf::PrintfSpecifier		const analyze_printf::PrintfSpecifier &FS, const char *startSpecifier,
&FS,		unsigned specifierLen, const TargetInfo &Target) {
const char *startSpecifier,
unsigned specifierLen) {
using namespace analyze_format_string;		using namespace analyze_format_string;
using namespace analyze_printf;		using namespace analyze_printf;

const PrintfConversionSpecifier &CS = FS.getConversionSpecifier();		const PrintfConversionSpecifier &CS = FS.getConversionSpecifier();

if (FS.consumesDataArgument()) {		if (FS.consumesDataArgument()) {
if (atFirstArg) {		if (atFirstArg) {
atFirstArg = false;		atFirstArg = false;
▲ Show 20 Lines • Show All 115 Lines • ▼ Show 20 Lines	if (FS.isPrivate().isSet()) {
EmitFormatDiagnostic(S.PDiag(diag::warn_format_invalid_annotation)		EmitFormatDiagnostic(S.PDiag(diag::warn_format_invalid_annotation)
<< "private",		<< "private",
getLocationOfByte(FS.isPrivate().getPosition()),		getLocationOfByte(FS.isPrivate().getPosition()),
/IsStringLocation/ false,		/IsStringLocation/ false,
getSpecifierRange(startSpecifier, specifierLen));		getSpecifierRange(startSpecifier, specifierLen));
}		}
}		}

		const llvm::Triple &Triple = Target.getTriple();
		if (CS.getKind() == ConversionSpecifier::nArg &&
		(Triple.isAndroid() \|\| Triple.isOSFuchsia())) {
		EmitFormatDiagnostic(S.PDiag(diag::warn_printf_narg_not_supported),
		getLocationOfByte(CS.getStart()),
		/IsStringLocation/ false,
		getSpecifierRange(startSpecifier, specifierLen));
		}

// Check for invalid use of field width		// Check for invalid use of field width
if (!FS.hasValidFieldWidth()) {		if (!FS.hasValidFieldWidth()) {
HandleInvalidAmount(FS, FS.getFieldWidth(), /* field width */ 0,		HandleInvalidAmount(FS, FS.getFieldWidth(), /* field width */ 0,
startSpecifier, specifierLen);		startSpecifier, specifierLen);
}		}

// Check for invalid use of precision		// Check for invalid use of precision
if (!FS.hasValidPrecision()) {		if (!FS.hasValidPrecision()) {
▲ Show 20 Lines • Show All 7,936 Lines • Show Last 20 Lines

clang/test/FixIt/format.m

Show First 20 Lines • Show All 235 Lines • ▼ Show 20 Lines
void testSizeTypes() {		void testSizeTypes() {
printf("%zu", 0.f); // expected-warning-re{{format specifies type 'size_t' (aka '{{.+}}') but the argument has type 'float'}}		printf("%zu", 0.f); // expected-warning-re{{format specifies type 'size_t' (aka '{{.+}}') but the argument has type 'float'}}
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:11-[[@LINE-1]]:14}:"%f"		// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:11-[[@LINE-1]]:14}:"%f"

printf("%zd", 0.f); // expected-warning-re{{format specifies type 'ssize_t' (aka '{{.+}}') but the argument has type 'float'}}		printf("%zd", 0.f); // expected-warning-re{{format specifies type 'ssize_t' (aka '{{.+}}') but the argument has type 'float'}}
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:11-[[@LINE-1]]:14}:"%f"		// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:11-[[@LINE-1]]:14}:"%f"

short x;		short x;
		#if !defined(__ANDROID__) && !defined(__Fuchsia__)
printf("%zn", &x); // expected-warning-re{{format specifies type 'ssize_t ' (aka '{{.+}}') but the argument has type 'short '}}		printf("%zn", &x); // expected-warning-re{{format specifies type 'ssize_t ' (aka '{{.+}}') but the argument has type 'short '}}
		#else
		printf("%zn", &x); // expected-warning-re{{format specifies type 'ssize_t ' (aka '{{.+}}') but the argument has type 'short '}}
		// expected-warning@-1 {{'%n' specifier not supported on this platform}}
		#endif // !defined(__ANDROID__) && !defined(__Fuchsia__)
// PrintfSpecifier::fixType doesn't handle %n, so a fix-it is not emitted,		// PrintfSpecifier::fixType doesn't handle %n, so a fix-it is not emitted,
// see the comment in PrintfSpecifier::fixType in PrintfFormatString.cpp.		// see the comment in PrintfSpecifier::fixType in PrintfFormatString.cpp.
}		}

typedef __PTRDIFF_TYPE__ ptrdiff_t;		typedef __PTRDIFF_TYPE__ ptrdiff_t;
#define __UNSIGNED_PTRDIFF_TYPE__ \		#define __UNSIGNED_PTRDIFF_TYPE__ \
__typeof__(_Generic((__PTRDIFF_TYPE__)0, \		__typeof__(_Generic((__PTRDIFF_TYPE__)0, \
long long int : (unsigned long long int)0, \		long long int : (unsigned long long int)0, \
long int : (unsigned long int)0, \		long int : (unsigned long int)0, \
Show All 10 Lines	void testPtrDiffTypes() {

ptrdiff_t p2 = 0;		ptrdiff_t p2 = 0;
printf("%td", p2); // No warning.		printf("%td", p2); // No warning.

printf("%td", 0.f); // expected-warning-re{{format specifies type 'ptrdiff_t' (aka '{{.+}}') but the argument has type 'float'}}		printf("%td", 0.f); // expected-warning-re{{format specifies type 'ptrdiff_t' (aka '{{.+}}') but the argument has type 'float'}}
// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:11-[[@LINE-1]]:14}:"%f"		// CHECK: fix-it:"{{.*}}":{[[@LINE-1]]:11-[[@LINE-1]]:14}:"%f"

ptrdiff_t p3 = 0;		ptrdiff_t p3 = 0;
		#if !defined(__ANDROID__) && !defined(__Fuchsia__)
printf("%tn", &p3); // No warning.		printf("%tn", &p3); // No warning.
		#else
		printf("%tn", &p3); // expected-warning{{'%n' specifier not supported on this platform}}
		#endif // !defined(__ANDROID__) && !defined(__Fuchsia__)

short x;		short x;
		#if !defined(__ANDROID__) && !defined(__Fuchsia__)
printf("%tn", &x); // expected-warning-re{{format specifies type 'ptrdiff_t ' (aka '{{.+}}') but the argument has type 'short '}}		printf("%tn", &x); // expected-warning-re{{format specifies type 'ptrdiff_t ' (aka '{{.+}}') but the argument has type 'short '}}
// PrintfSpecifier::fixType doesn't handle %n, so a fix-it is not emitted,		// PrintfSpecifier::fixType doesn't handle %n, so a fix-it is not emitted,
// see the comment in PrintfSpecifier::fixType in PrintfFormatString.cpp.		// see the comment in PrintfSpecifier::fixType in PrintfFormatString.cpp.
		#else
		printf("%tn", &x); // expected-warning-re{{format specifies type 'ptrdiff_t ' (aka '{{.+}}') but the argument has type 'short '}}
		// expected-warning@-1 {{'%n' specifier not supported on this platform}}
		#endif // !defined(__ANDROID__) && !defined(__Fuchsia__)
}		}

void testEnum() {		void testEnum() {
typedef enum {		typedef enum {
ImplicitA = 1,		ImplicitA = 1,
ImplicitB = 2		ImplicitB = 2
} Implicit;		} Implicit;

Show All 19 Lines

clang/test/Sema/format-strings.c

// RUN: %clang_cc1 -fblocks -fsyntax-only -verify -Wformat-nonliteral -isystem %S/Inputs %s		// RUN: %clang_cc1 -fblocks -fsyntax-only -verify -Wformat-nonliteral -isystem %S/Inputs %s
// RUN: %clang_cc1 -fblocks -fsyntax-only -verify -Wformat-nonliteral -isystem %S/Inputs -fno-signed-char %s		// RUN: %clang_cc1 -fblocks -fsyntax-only -verify -Wformat-nonliteral -isystem %S/Inputs -fno-signed-char %s
		// RUN: %clang_cc1 -fblocks -fsyntax-only -verify -Wformat-nonliteral -isystem %S/Inputs -triple=x86_64-unknown-fuchsia %s
		// RUN: %clang_cc1 -fblocks -fsyntax-only -verify -Wformat-nonliteral -isystem %S/Inputs -triple=x86_64-linux-android %s

#include <stdarg.h>		#include <stdarg.h>
#include <stddef.h>		#include <stddef.h>
#define __need_wint_t		#define __need_wint_t
#include <stddef.h> // For wint_t and wchar_t		#include <stddef.h> // For wint_t and wchar_t

typedef struct _FILE FILE;		typedef struct _FILE FILE;
int fprintf(FILE , const char restrict, ...);		int fprintf(FILE , const char restrict, ...);
▲ Show 20 Lines • Show All 102 Lines • ▼ Show 20 Lines	void check_conditional_literal(const char* s, int i) {
printf(i ? "yes %s" : "no %d", 1); // expected-warning{{format specifies type 'char *'}}		printf(i ? "yes %s" : "no %d", 1); // expected-warning{{format specifies type 'char *'}}
printf(i ? "yes" : "no %d", 1, 2); // expected-warning{{data argument not used by format string}}		printf(i ? "yes" : "no %d", 1, 2); // expected-warning{{data argument not used by format string}}

printf(i ? "%*s" : "-", i, s); // no-warning		printf(i ? "%*s" : "-", i, s); // no-warning
printf(i ? "yes" : 0 ? "no %*d" : "dont know %d", 1, 2); // expected-warning{{data argument not used by format string}}		printf(i ? "yes" : 0 ? "no %*d" : "dont know %d", 1, 2); // expected-warning{{data argument not used by format string}}
printf(i ? "%i\n" : "%i %s %s\n", i, s); // expected-warning{{more '%' conversions than data arguments}}		printf(i ? "%i\n" : "%i %s %s\n", i, s); // expected-warning{{more '%' conversions than data arguments}}
}		}

		#if !defined(__ANDROID__) && !defined(__Fuchsia__)

void check_writeback_specifier()		void check_writeback_specifier()
{		{
int x;		int x;
char *b;		char *b;
printf("%n", b); // expected-warning{{format specifies type 'int ' but the argument has type 'char '}}		printf("%n", b); // expected-warning{{format specifies type 'int ' but the argument has type 'char '}}
printf("%n", &x); // no-warning		printf("%n", &x); // no-warning

printf("%hhn", (signed char*)0); // no-warning		printf("%hhn", (signed char*)0); // no-warning
Show All 20 Lines	void check_writeback_specifier()
printf("%qn", (long long*)0); // no-warning		printf("%qn", (long long*)0); // no-warning
printf("%qn", (unsigned long long*)0); // no-warning		printf("%qn", (unsigned long long*)0); // no-warning
printf("%qn", (int)0); // expected-warning{{format specifies type 'long long ' but the argument has type 'int *'}}		printf("%qn", (int)0); // expected-warning{{format specifies type 'long long ' but the argument has type 'int *'}}

printf("%Ln", 0); // expected-warning{{length modifier 'L' results in undefined behavior or no effect with 'n' conversion specifier}}		printf("%Ln", 0); // expected-warning{{length modifier 'L' results in undefined behavior or no effect with 'n' conversion specifier}}
// expected-note@-1{{did you mean to use 'll'?}}		// expected-note@-1{{did you mean to use 'll'?}}
}		}

		#else

		void check_writeback_specifier()
		{
		int x;
		printf("%n", &x); // expected-warning{{'%n' specifier not supported on this platform}}

		printf("%hhn", (signed char*)0); // expected-warning{{'%n' specifier not supported on this platform}}
		printf("%hhn", (char*)0); // expected-warning{{'%n' specifier not supported on this platform}}
		printf("%hhn", (unsigned char*)0); // expected-warning{{'%n' specifier not supported on this platform}}
		printf("%hhn", (int)0); // expected-warning{{format specifies type 'signed char ' but the argument has type 'int *'}}
		// expected-warning@-1 {{'%n' specifier not supported on this platform}}

		printf("%hn", (short*)0); // expected-warning{{'%n' specifier not supported on this platform}}
		printf("%hn", (unsigned short*)0); // expected-warning{{'%n' specifier not supported on this platform}}
		printf("%hn", (int)0); // expected-warning{{format specifies type 'short ' but the argument has type 'int *'}}
		// expected-warning@-1 {{'%n' specifier not supported on this platform}}

		printf("%n", (int*)0); // expected-warning{{'%n' specifier not supported on this platform}}
		printf("%n", (unsigned int*)0); // expected-warning{{'%n' specifier not supported on this platform}}
		printf("%n", (char)0); // expected-warning{{format specifies type 'int ' but the argument has type 'char *'}}
		// expected-warning@-1 {{'%n' specifier not supported on this platform}}

		printf("%ln", (long*)0); // expected-warning{{'%n' specifier not supported on this platform}}
		printf("%ln", (unsigned long*)0); // expected-warning{{'%n' specifier not supported on this platform}}
		printf("%ln", (int)0); // expected-warning{{format specifies type 'long ' but the argument has type 'int *'}}
		// expected-warning@-1 {{'%n' specifier not supported on this platform}}

		printf("%lln", (long long*)0); // expected-warning{{'%n' specifier not supported on this platform}}
		printf("%lln", (unsigned long long*)0); // expected-warning{{'%n' specifier not supported on this platform}}
		printf("%lln", (int)0); // expected-warning{{format specifies type 'long long ' but the argument has type 'int *'}}
		// expected-warning@-1 {{'%n' specifier not supported on this platform}}

		printf("%qn", (long long*)0); // expected-warning{{'%n' specifier not supported on this platform}}
		printf("%qn", (unsigned long long*)0); // expected-warning{{'%n' specifier not supported on this platform}}
		}

		#endif // !defined(__ANDROID__) && !defined(__Fuchsia__)

void check_invalid_specifier(FILE* fp, char *buf)		void check_invalid_specifier(FILE* fp, char *buf)
{		{
printf("%s%lb%d","unix",10,20); // expected-warning {{invalid conversion specifier 'b'}} expected-warning {{data argument not used by format string}}		printf("%s%lb%d","unix",10,20); // expected-warning {{invalid conversion specifier 'b'}} expected-warning {{data argument not used by format string}}
fprintf(fp,"%%%l"); // expected-warning {{incomplete format specifier}}		fprintf(fp,"%%%l"); // expected-warning {{incomplete format specifier}}
sprintf(buf,"%%%%%ld%d%d", 1, 2, 3); // expected-warning{{format specifies type 'long' but the argument has type 'int'}}		sprintf(buf,"%%%%%ld%d%d", 1, 2, 3); // expected-warning{{format specifies type 'long' but the argument has type 'int'}}
snprintf(buf, 2, "%%%%%ld%;%d", 1, 2, 3); // expected-warning{{format specifies type 'long' but the argument has type 'int'}} expected-warning {{invalid conversion specifier ';'}} expected-warning {{data argument not used by format string}}		snprintf(buf, 2, "%%%%%ld%;%d", 1, 2, 3); // expected-warning{{format specifies type 'long' but the argument has type 'int'}} expected-warning {{invalid conversion specifier ';'}} expected-warning {{data argument not used by format string}}
}		}

▲ Show 20 Lines • Show All 216 Lines • ▼ Show 20 Lines	void bug7377_bad_length_mod_usage() {
printf("%hhs", "foo"); // expected-warning{{length modifier 'hh' results in undefined behavior or no effect with 's' conversion specifier}}		printf("%hhs", "foo"); // expected-warning{{length modifier 'hh' results in undefined behavior or no effect with 's' conversion specifier}}
printf("%1$zp", (void *)0); // expected-warning{{length modifier 'z' results in undefined behavior or no effect with 'p' conversion specifier}}		printf("%1$zp", (void *)0); // expected-warning{{length modifier 'z' results in undefined behavior or no effect with 'p' conversion specifier}}
printf("%ls", L"foo"); // no-warning		printf("%ls", L"foo"); // no-warning
printf("%#.2Lf", (long double)1.234); // no-warning		printf("%#.2Lf", (long double)1.234); // no-warning

// Bad flag usage		// Bad flag usage
printf("%#p", (void *) 0); // expected-warning{{flag '#' results in undefined behavior with 'p' conversion specifier}}		printf("%#p", (void *) 0); // expected-warning{{flag '#' results in undefined behavior with 'p' conversion specifier}}
printf("%0d", -1); // no-warning		printf("%0d", -1); // no-warning
		printf("%-p", (void *) 0); // no-warning
		#if !defined(__ANDROID__) && !defined(__Fuchsia__)
printf("%#n", (int *) 0); // expected-warning{{flag '#' results in undefined behavior with 'n' conversion specifier}}		printf("%#n", (int *) 0); // expected-warning{{flag '#' results in undefined behavior with 'n' conversion specifier}}
printf("%-n", (int *) 0); // expected-warning{{flag '-' results in undefined behavior with 'n' conversion specifier}}		printf("%-n", (int *) 0); // expected-warning{{flag '-' results in undefined behavior with 'n' conversion specifier}}
printf("%-p", (void *) 0); // no-warning		#else
		printf("%#n", (int *) 0); // expected-warning{{flag '#' results in undefined behavior with 'n' conversion specifier}}
		// expected-warning@-1 {{'%n' specifier not supported on this platform}}
		printf("%-n", (int *) 0); // expected-warning{{flag '-' results in undefined behavior with 'n' conversion specifier}}
		// expected-warning@-1 {{'%n' specifier not supported on this platform}}
		#endif // !defined(__ANDROID__) && !defined(__Fuchsia__)

// Bad optional amount use		// Bad optional amount use
printf("%.2c", 'a'); // expected-warning{{precision used with 'c' conversion specifier, resulting in undefined behavior}}		printf("%.2c", 'a'); // expected-warning{{precision used with 'c' conversion specifier, resulting in undefined behavior}}
		#if !defined(__ANDROID__) && !defined(__Fuchsia__)
		printf("%1n", (int *) 0); // expected-warning{{field width used with 'n' conversion specifier, resulting in undefined behavior}}
		printf("%.9n", (int *) 0); // expected-warning{{precision used with 'n' conversion specifier, resulting in undefined behavior}}
		#else
printf("%1n", (int *) 0); // expected-warning{{field width used with 'n' conversion specifier, resulting in undefined behavior}}		printf("%1n", (int *) 0); // expected-warning{{field width used with 'n' conversion specifier, resulting in undefined behavior}}
		// expected-warning@-1 {{'%n' specifier not supported on this platform}}
printf("%.9n", (int *) 0); // expected-warning{{precision used with 'n' conversion specifier, resulting in undefined behavior}}		printf("%.9n", (int *) 0); // expected-warning{{precision used with 'n' conversion specifier, resulting in undefined behavior}}
		// expected-warning@-1 {{'%n' specifier not supported on this platform}}
		#endif // #if !defined(__ANDROID__) && !defined(__Fuchsia__)

// Ignored flags		// Ignored flags
printf("% +f", 1.23); // expected-warning{{flag ' ' is ignored when flag '+' is present}}		printf("% +f", 1.23); // expected-warning{{flag ' ' is ignored when flag '+' is present}}
printf("%+ f", 1.23); // expected-warning{{flag ' ' is ignored when flag '+' is present}}		printf("%+ f", 1.23); // expected-warning{{flag ' ' is ignored when flag '+' is present}}
printf("%0-f", 1.23); // expected-warning{{flag '0' is ignored when flag '-' is present}}		printf("%0-f", 1.23); // expected-warning{{flag '0' is ignored when flag '-' is present}}
printf("%-0f", 1.23); // expected-warning{{flag '0' is ignored when flag '-' is present}}		printf("%-0f", 1.23); // expected-warning{{flag '0' is ignored when flag '-' is present}}
printf("%-+f", 1.23); // no-warning		printf("%-+f", 1.23); // no-warning
}		}
▲ Show 20 Lines • Show All 234 Lines • ▼ Show 20 Lines
extern void test14_bar(const char , const char , ...)		extern void test14_bar(const char , const char , ...)
__attribute__((__format__(__printf__, 1, 3)));		__attribute__((__format__(__printf__, 1, 3)));

void test14_zed(int *p) {		void test14_zed(int *p) {
test14_foo("%", "%d", p); // expected-warning{{incomplete format specifier}}		test14_foo("%", "%d", p); // expected-warning{{incomplete format specifier}}
test14_bar("%", "%d", p); // expected-warning{{incomplete format specifier}}		test14_bar("%", "%d", p); // expected-warning{{incomplete format specifier}}
}		}

		#if !defined(__ANDROID__) && !defined(__Fuchsia__)

void test_qualifiers(volatile int vip, const int cip,		void test_qualifiers(volatile int vip, const int cip,
const volatile int *cvip) {		const volatile int *cvip) {
printf("%n", cip); // expected-warning{{format specifies type 'int ' but the argument has type 'const int '}}		printf("%n", cip); // expected-warning{{format specifies type 'int ' but the argument has type 'const int '}}
printf("%n", cvip); // expected-warning{{format specifies type 'int ' but the argument has type 'const volatile int '}}		printf("%n", cvip); // expected-warning{{format specifies type 'int ' but the argument has type 'const volatile int '}}

printf("%n", vip); // No warning.		printf("%n", vip); // No warning.
printf("%p", cip); // No warning.		printf("%p", cip); // No warning.
printf("%p", cvip); // No warning.		printf("%p", cvip); // No warning.


typedef int* ip_t;		typedef int* ip_t;
typedef const int* cip_t;		typedef const int* cip_t;
printf("%n", (ip_t)0); // No warning.		printf("%n", (ip_t)0); // No warning.
printf("%n", (cip_t)0); // expected-warning{{format specifies type 'int ' but the argument has type 'cip_t' (aka 'const int ')}}		printf("%n", (cip_t)0); // expected-warning{{format specifies type 'int ' but the argument has type 'cip_t' (aka 'const int ')}}
}		}

		#else

		void test_qualifiers(volatile int vip, const int cip,
		const volatile int *cvip) {
		printf("%n", cip); // expected-warning{{format specifies type 'int ' but the argument has type 'const int '}}
		// expected-warning@-1 {{'%n' specifier not supported on this platform}}
		printf("%n", cvip); // expected-warning{{format specifies type 'int ' but the argument has type 'const volatile int '}}
		// expected-warning@-1 {{'%n' specifier not supported on this platform}}

		printf("%n", vip); // expected-warning{{'%n' specifier not supported on this platform}}
		printf("%p", cip); // No warning.
		printf("%p", cvip); // No warning.


		typedef int* ip_t;
		typedef const int* cip_t;
		printf("%n", (ip_t)0); // expected-warning{{'%n' specifier not supported on this platform}}
		printf("%n", (cip_t)0); // expected-warning{{format specifies type 'int ' but the argument has type 'cip_t' (aka 'const int ')}}
		// expected-warning@-1 {{'%n' specifier not supported on this platform}}
		}

		#endif // #if !defined(__ANDROID__) && !defined(__Fuchsia__)

#pragma GCC diagnostic ignored "-Wformat-nonliteral"		#pragma GCC diagnostic ignored "-Wformat-nonliteral"
#pragma GCC diagnostic warning "-Wformat-security"		#pragma GCC diagnostic warning "-Wformat-security"
// <rdar://problem/14178260>		// <rdar://problem/14178260>
extern void test_format_security_extra_args(const char*, int, ...)		extern void test_format_security_extra_args(const char*, int, ...)
__attribute__((__format__(__printf__, 1, 3)));		__attribute__((__format__(__printf__, 1, 3)));
void test_format_security_pos(char* string) {		void test_format_security_pos(char* string) {
test_format_security_extra_args(string, 5); // expected-warning {{format string is not a string literal (potentially insecure)}}		test_format_security_extra_args(string, 5); // expected-warning {{format string is not a string literal (potentially insecure)}}
// expected-note@-1{{treat the string as an argument to avoid this}}		// expected-note@-1{{treat the string as an argument to avoid this}}
▲ Show 20 Lines • Show All 73 Lines • Show Last 20 Lines

This is an archive of the discontinued LLVM Phabricator instance.

[Sema] Warn about printf %n on Android and FuchsiaClosedPublic

Details

Diff Detail

Event Timeline