This is an archive of the discontinued LLVM Phabricator instance.

Differential D24584

Do not warn about format strings that are indexed string literals.
ClosedPublic

Authored by meikeb on Sep 14 2016, 2:25 PM.

Details

Reviewers
rsmith
Commits
rG648c369ef28c: Do not warn about format strings that are indexed string literals.
rC281686: Do not warn about format strings that are indexed string literals.
rL281686: Do not warn about format strings that are indexed string literals.
Summary

The warning for a format string not being a string literal and therefore
being potentially insecure is overly strict for indices into string
literals. This fix checks if the index into the string literal is
precomputable. If that's the case it will check if the suffix of that
string literal is a valid format string string literal. It will still
issue the aforementioned warning for out of range indices into the
string literal.

Patch by Meike Baumgärtner (meikeb)

Diff Detail

Repository
rL LLVM

Event Timeline

meikeb updated this revision to Diff 71435.Sep 14 2016, 2:25 PM
meikeb retitled this revision from to Do not warn about format strings that are indexed string literals..
meikeb updated this object.
meikeb added a reviewer: rsmith.
meikeb added subscribers: cfe-commits, srhines.
meikeb added a comment.Sep 14 2016, 2:29 PM

This is the same as D23820 besides that I added myself in the commit message as "Patch by". D23820 was reverted in D24579 because srhines' commit took authorship of this patch.

meikeb updated this revision to Diff 71438.Sep 14 2016, 2:31 PM

Fix typos in commit message.

meikeb updated this object.Sep 14 2016, 2:34 PM
rsmith accepted this revision.Sep 15 2016, 4:39 PM
rsmith edited edge metadata.
This revision is now accepted and ready to land.Sep 15 2016, 4:39 PM
meikeb updated this revision to Diff 71581.Sep 15 2016, 5:53 PM
meikeb edited edge metadata.

Rebase to current commit.

meikeb updated this revision to Diff 71583.Sep 15 2016, 6:03 PM

Try to drop randomly uploaded commit.

meikeb updated this revision to Diff 71584.Sep 15 2016, 6:07 PM

Rebase

meikeb updated this revision to Diff 71585.Sep 15 2016, 6:09 PM

.

Closed by commit rL281686: Do not warn about format strings that are indexed string literals. (authored by srhines). · Explain WhySep 15 2016, 6:15 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
cfe/
trunk/
lib/
Sema/
184 lines
test/
Sema/
35 lines

Diff 71586

cfe/trunk/lib/Sema/SemaChecking.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 3,844 Lines▼ Show 20 Lines
enum StringLiteralCheckType { enum StringLiteralCheckType {
SLCT_NotALiteral, SLCT_NotALiteral,
SLCT_UncheckedLiteral, SLCT_UncheckedLiteral,
SLCT_CheckedLiteral SLCT_CheckedLiteral
}; };
} // end anonymous namespace } // end anonymous namespace
static void CheckFormatString(Sema &S, const StringLiteral *FExpr, static void sumOffsets(llvm::APSInt &Offset, llvm::APSInt Addend,
BinaryOperatorKind BinOpKind,
bool AddendIsRight) {
unsigned BitWidth = Offset.getBitWidth();
unsigned AddendBitWidth = Addend.getBitWidth();
// There might be negative interim results.
if (Addend.isUnsigned()) {
Addend = Addend.zext(++AddendBitWidth);
Addend.setIsSigned(true);
}
// Adjust the bit width of the APSInts.
if (AddendBitWidth > BitWidth) {
Offset = Offset.sext(AddendBitWidth);
BitWidth = AddendBitWidth;
} else if (BitWidth > AddendBitWidth) {
Addend = Addend.sext(BitWidth);
}
bool Ov = false;
llvm::APSInt ResOffset = Offset;
if (BinOpKind == BO_Add)
ResOffset = Offset.sadd_ov(Addend, Ov);
else {
assert(AddendIsRight && BinOpKind == BO_Sub &&
"operator must be add or sub with addend on the right");
ResOffset = Offset.ssub_ov(Addend, Ov);
}
// We add an offset to a pointer here so we should support an offset as big as
// possible.
if (Ov) {
assert(BitWidth <= UINT_MAX / 2 && "index (intermediate) result too big");
Offset.sext(2 * BitWidth);
sumOffsets(Offset, Addend, BinOpKind, AddendIsRight);
return;
}
Offset = ResOffset;
}
namespace {
// This is a wrapper class around StringLiteral to support offsetted string
// literals as format strings. It takes the offset into account when returning
// the string and its length or the source locations to display notes correctly.
class FormatStringLiteral {
const StringLiteral *FExpr;
int64_t Offset;
public:
FormatStringLiteral(const StringLiteral *fexpr, int64_t Offset = 0)
: FExpr(fexpr), Offset(Offset) {}
StringRef getString() const {
return FExpr->getString().drop_front(Offset);
}
unsigned getByteLength() const {
return FExpr->getByteLength() - getCharByteWidth() * Offset;
}
unsigned getLength() const { return FExpr->getLength() - Offset; }
unsigned getCharByteWidth() const { return FExpr->getCharByteWidth(); }
StringLiteral::StringKind getKind() const { return FExpr->getKind(); }
QualType getType() const { return FExpr->getType(); }
bool isAscii() const { return FExpr->isAscii(); }
bool isWide() const { return FExpr->isWide(); }
bool isUTF8() const { return FExpr->isUTF8(); }
bool isUTF16() const { return FExpr->isUTF16(); }
bool isUTF32() const { return FExpr->isUTF32(); }
bool isPascal() const { return FExpr->isPascal(); }
SourceLocation getLocationOfByte(
unsigned ByteNo, const SourceManager &SM, const LangOptions &Features,
const TargetInfo &Target, unsigned *StartToken = nullptr,
unsigned *StartTokenByteOffset = nullptr) const {
return FExpr->getLocationOfByte(ByteNo + Offset, SM, Features, Target,
StartToken, StartTokenByteOffset);
}
SourceLocation getLocStart() const LLVM_READONLY {
return FExpr->getLocStart().getLocWithOffset(Offset);
}
SourceLocation getLocEnd() const LLVM_READONLY { return FExpr->getLocEnd(); }
};
} // end anonymous namespace
static void CheckFormatString(Sema &S, const FormatStringLiteral *FExpr,
const Expr *OrigFormatExpr, const Expr *OrigFormatExpr,
ArrayRef<const Expr *> Args, ArrayRef<const Expr *> Args,
bool HasVAListArg, unsigned format_idx, bool HasVAListArg, unsigned format_idx,
unsigned firstDataArg, unsigned firstDataArg,
Sema::FormatStringType Type, Sema::FormatStringType Type,
bool inFunctionCall, bool inFunctionCall,
Sema::VariadicCallType CallType, Sema::VariadicCallType CallType,
llvm::SmallBitVector &CheckedVarArgs, llvm::SmallBitVector &CheckedVarArgs,
UncoveredArgHandler &UncoveredArg); UncoveredArgHandler &UncoveredArg);
// Determine if an expression is a string literal or constant string. // Determine if an expression is a string literal or constant string.
// If this function returns false on the arguments to a function expecting a // If this function returns false on the arguments to a function expecting a
// format string, we will usually need to emit a warning. // format string, we will usually need to emit a warning.
// True string literals are then checked by CheckFormatString. // True string literals are then checked by CheckFormatString.
static StringLiteralCheckType static StringLiteralCheckType
checkFormatStringExpr(Sema &S, const Expr *E, ArrayRef<const Expr *> Args, checkFormatStringExpr(Sema &S, const Expr *E, ArrayRef<const Expr *> Args,
bool HasVAListArg, unsigned format_idx, bool HasVAListArg, unsigned format_idx,
unsigned firstDataArg, Sema::FormatStringType Type, unsigned firstDataArg, Sema::FormatStringType Type,
Sema::VariadicCallType CallType, bool InFunctionCall, Sema::VariadicCallType CallType, bool InFunctionCall,
llvm::SmallBitVector &CheckedVarArgs, llvm::SmallBitVector &CheckedVarArgs,
UncoveredArgHandler &UncoveredArg) { UncoveredArgHandler &UncoveredArg,
llvm::APSInt Offset) {
tryAgain: tryAgain:
assert(Offset.isSigned() && "invalid offset");
if (E->isTypeDependent() || E->isValueDependent()) if (E->isTypeDependent() || E->isValueDependent())
return SLCT_NotALiteral; return SLCT_NotALiteral;
E = E->IgnoreParenCasts(); E = E->IgnoreParenCasts();
if (E->isNullPointerConstant(S.Context, Expr::NPC_ValueDependentIsNotNull)) if (E->isNullPointerConstant(S.Context, Expr::NPC_ValueDependentIsNotNull))
// Technically -Wformat-nonliteral does not warn about this case. // Technically -Wformat-nonliteral does not warn about this case.
// The behavior of printf and friends in this case is implementation // The behavior of printf and friends in this case is implementation
Show All 17 Lines case Stmt::ConditionalOperatorClass: {
bool Cond; bool Cond;
if (C->getCond()->EvaluateAsBooleanCondition(Cond, S.getASTContext())) { if (C->getCond()->EvaluateAsBooleanCondition(Cond, S.getASTContext())) {
if (Cond) if (Cond)
CheckRight = false; CheckRight = false;
else else
CheckLeft = false; CheckLeft = false;
} }
// We need to maintain the offsets for the right and the left hand side
// separately to check if every possible indexed expression is a valid
// string literal. They might have different offsets for different string
// literals in the end.
StringLiteralCheckType Left; StringLiteralCheckType Left;
if (!CheckLeft) if (!CheckLeft)
Left = SLCT_UncheckedLiteral; Left = SLCT_UncheckedLiteral;
else { else {
Left = checkFormatStringExpr(S, C->getTrueExpr(), Args, Left = checkFormatStringExpr(S, C->getTrueExpr(), Args,
HasVAListArg, format_idx, firstDataArg, HasVAListArg, format_idx, firstDataArg,
Type, CallType, InFunctionCall, Type, CallType, InFunctionCall,
CheckedVarArgs, UncoveredArg); CheckedVarArgs, UncoveredArg, Offset);
if (Left == SLCT_NotALiteral || !CheckRight) if (Left == SLCT_NotALiteral || !CheckRight) {
return Left; return Left;
} }
}
StringLiteralCheckType Right = StringLiteralCheckType Right =
checkFormatStringExpr(S, C->getFalseExpr(), Args, checkFormatStringExpr(S, C->getFalseExpr(), Args,
HasVAListArg, format_idx, firstDataArg, HasVAListArg, format_idx, firstDataArg,
Type, CallType, InFunctionCall, CheckedVarArgs, Type, CallType, InFunctionCall, CheckedVarArgs,
UncoveredArg); UncoveredArg, Offset);
return (CheckLeft && Left < Right) ? Left : Right; return (CheckLeft && Left < Right) ? Left : Right;
} }
case Stmt::ImplicitCastExprClass: { case Stmt::ImplicitCastExprClass: {
E = cast<ImplicitCastExpr>(E)->getSubExpr(); E = cast<ImplicitCastExpr>(E)->getSubExpr();
goto tryAgain; goto tryAgain;
} }
Show All 36 Lines if (const VarDecl *VD = dyn_cast<VarDecl>(DR->getDecl())) {
// Look through initializers like const char c[] = { "foo" } // Look through initializers like const char c[] = { "foo" }
if (const InitListExpr *InitList = dyn_cast<InitListExpr>(Init)) { if (const InitListExpr *InitList = dyn_cast<InitListExpr>(Init)) {
if (InitList->isStringLiteralInit()) if (InitList->isStringLiteralInit())
Init = InitList->getInit(0)->IgnoreParenImpCasts(); Init = InitList->getInit(0)->IgnoreParenImpCasts();
} }
return checkFormatStringExpr(S, Init, Args, return checkFormatStringExpr(S, Init, Args,
HasVAListArg, format_idx, HasVAListArg, format_idx,
firstDataArg, Type, CallType, firstDataArg, Type, CallType,
/*InFunctionCall*/false, CheckedVarArgs, /*InFunctionCall*/ false, CheckedVarArgs,
UncoveredArg); UncoveredArg, Offset);
} }
} }
// For vprintf* functions (i.e., HasVAListArg==true), we add a // For vprintf* functions (i.e., HasVAListArg==true), we add a
// special check to see if the format string is a function parameter // special check to see if the format string is a function parameter
// of the function calling the printf function. If the function // of the function calling the printf function. If the function
// has an attribute indicating it is a printf-like function, then we // has an attribute indicating it is a printf-like function, then we
// should suppress warnings concerning non-literals being used in a call // should suppress warnings concerning non-literals being used in a call
Show All 38 Lines if (const NamedDecl *ND = dyn_cast_or_null<NamedDecl>(CE->getCalleeDecl())) {
if (const CXXMethodDecl *MD = dyn_cast<CXXMethodDecl>(ND)) if (const CXXMethodDecl *MD = dyn_cast<CXXMethodDecl>(ND))
if (MD->isInstance()) if (MD->isInstance())
--ArgIndex; --ArgIndex;
const Expr *Arg = CE->getArg(ArgIndex - 1); const Expr *Arg = CE->getArg(ArgIndex - 1);
return checkFormatStringExpr(S, Arg, Args, return checkFormatStringExpr(S, Arg, Args,
HasVAListArg, format_idx, firstDataArg, HasVAListArg, format_idx, firstDataArg,
Type, CallType, InFunctionCall, Type, CallType, InFunctionCall,
CheckedVarArgs, UncoveredArg); CheckedVarArgs, UncoveredArg, Offset);
} else if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(ND)) { } else if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(ND)) {
unsigned BuiltinID = FD->getBuiltinID(); unsigned BuiltinID = FD->getBuiltinID();
if (BuiltinID == Builtin::BI__builtin___CFStringMakeConstantString || if (BuiltinID == Builtin::BI__builtin___CFStringMakeConstantString ||
BuiltinID == Builtin::BI__builtin___NSStringMakeConstantString) { BuiltinID == Builtin::BI__builtin___NSStringMakeConstantString) {
const Expr *Arg = CE->getArg(0); const Expr *Arg = CE->getArg(0);
return checkFormatStringExpr(S, Arg, Args, return checkFormatStringExpr(S, Arg, Args,
HasVAListArg, format_idx, HasVAListArg, format_idx,
firstDataArg, Type, CallType, firstDataArg, Type, CallType,
InFunctionCall, CheckedVarArgs, InFunctionCall, CheckedVarArgs,
UncoveredArg); UncoveredArg, Offset);
} }
} }
} }
return SLCT_NotALiteral; return SLCT_NotALiteral;
} }
case Stmt::ObjCStringLiteralClass: case Stmt::ObjCStringLiteralClass:
case Stmt::StringLiteralClass: { case Stmt::StringLiteralClass: {
const StringLiteral *StrE = nullptr; const StringLiteral *StrE = nullptr;
if (const ObjCStringLiteral *ObjCFExpr = dyn_cast<ObjCStringLiteral>(E)) if (const ObjCStringLiteral *ObjCFExpr = dyn_cast<ObjCStringLiteral>(E))
StrE = ObjCFExpr->getString(); StrE = ObjCFExpr->getString();
else else
StrE = cast<StringLiteral>(E); StrE = cast<StringLiteral>(E);
if (StrE) { if (StrE) {
CheckFormatString(S, StrE, E, Args, HasVAListArg, format_idx, if (Offset.isNegative() || Offset > StrE->getLength()) {
// TODO: It would be better to have an explicit warning for out of
// bounds literals.
return SLCT_NotALiteral;
}
FormatStringLiteral FStr(StrE, Offset.sextOrTrunc(64).getSExtValue());
CheckFormatString(S, &FStr, E, Args, HasVAListArg, format_idx,
firstDataArg, Type, InFunctionCall, CallType, firstDataArg, Type, InFunctionCall, CallType,
CheckedVarArgs, UncoveredArg); CheckedVarArgs, UncoveredArg);
return SLCT_CheckedLiteral; return SLCT_CheckedLiteral;
} }
return SLCT_NotALiteral; return SLCT_NotALiteral;
} }
case Stmt::BinaryOperatorClass: {
llvm::APSInt LResult;
llvm::APSInt RResult;
const BinaryOperator *BinOp = cast<BinaryOperator>(E);
// A string literal + an int offset is still a string literal.
if (BinOp->isAdditiveOp()) {
bool LIsInt = BinOp->getLHS()->EvaluateAsInt(LResult, S.Context);
bool RIsInt = BinOp->getRHS()->EvaluateAsInt(RResult, S.Context);
if (LIsInt != RIsInt) {
BinaryOperatorKind BinOpKind = BinOp->getOpcode();
if (LIsInt) {
if (BinOpKind == BO_Add) {
sumOffsets(Offset, LResult, BinOpKind, RIsInt);
E = BinOp->getRHS();
goto tryAgain;
}
} else {
sumOffsets(Offset, RResult, BinOpKind, RIsInt);
E = BinOp->getLHS();
goto tryAgain;
}
}
return SLCT_NotALiteral;
}
}
case Stmt::UnaryOperatorClass: {
const UnaryOperator *UnaOp = cast<UnaryOperator>(E);
auto ASE = dyn_cast<ArraySubscriptExpr>(UnaOp->getSubExpr());
if (UnaOp->getOpcode() == clang::UO_AddrOf && ASE) {
llvm::APSInt IndexResult;
if (ASE->getRHS()->EvaluateAsInt(IndexResult, S.Context)) {
sumOffsets(Offset, IndexResult, BO_Add, /*RHS is int*/ true);
E = ASE->getBase();
goto tryAgain;
}
}
return SLCT_NotALiteral;
}
default: default:
return SLCT_NotALiteral; return SLCT_NotALiteral;
} }
} }
Sema::FormatStringType Sema::GetFormatStringType(const FormatAttr *Format) { Sema::FormatStringType Sema::GetFormatStringType(const FormatAttr *Format) {
return llvm::StringSwitch<FormatStringType>(Format->getType()->getName()) return llvm::StringSwitch<FormatStringType>(Format->getType()->getName())
▲ Show 20 LinesShow All 50 Lines▼ Show 20 Linesbool Sema::CheckFormatArguments(ArrayRef<const Expr *> Args,
// Format string can be either ObjC string (e.g. @"%d") or // Format string can be either ObjC string (e.g. @"%d") or
// C string (e.g. "%d") // C string (e.g. "%d")
// ObjC string uses the same format specifiers as C string, so we can use // ObjC string uses the same format specifiers as C string, so we can use
// the same format string checking logic for both ObjC and C strings. // the same format string checking logic for both ObjC and C strings.
UncoveredArgHandler UncoveredArg; UncoveredArgHandler UncoveredArg;
StringLiteralCheckType CT = StringLiteralCheckType CT =
checkFormatStringExpr(*this, OrigFormatExpr, Args, HasVAListArg, checkFormatStringExpr(*this, OrigFormatExpr, Args, HasVAListArg,
format_idx, firstDataArg, Type, CallType, format_idx, firstDataArg, Type, CallType,
/*IsFunctionCall*/true, CheckedVarArgs, /*IsFunctionCall*/ true, CheckedVarArgs,
UncoveredArg); UncoveredArg,
/*no string offset*/ llvm::APSInt(64, false) = 0);
// Generate a diagnostic where an uncovered argument is detected. // Generate a diagnostic where an uncovered argument is detected.
if (UncoveredArg.hasUncoveredArg()) { if (UncoveredArg.hasUncoveredArg()) {
unsigned ArgIdx = UncoveredArg.getUncoveredArg() + firstDataArg; unsigned ArgIdx = UncoveredArg.getUncoveredArg() + firstDataArg;
assert(ArgIdx < Args.size() && "ArgIdx outside bounds"); assert(ArgIdx < Args.size() && "ArgIdx outside bounds");
UncoveredArg.Diagnose(*this, /*IsFunctionCall*/true, Args[ArgIdx]); UncoveredArg.Diagnose(*this, /*IsFunctionCall*/true, Args[ArgIdx]);
} }
Show All 39 Linesbool Sema::CheckFormatArguments(ArrayRef<const Expr *> Args,
} }
return false; return false;
} }
namespace { namespace {
class CheckFormatHandler : public analyze_format_string::FormatStringHandler { class CheckFormatHandler : public analyze_format_string::FormatStringHandler {
protected: protected:
Sema &S; Sema &S;
const StringLiteral *FExpr; const FormatStringLiteral *FExpr;
const Expr *OrigFormatExpr; const Expr *OrigFormatExpr;
const unsigned FirstDataArg; const unsigned FirstDataArg;
const unsigned NumDataArgs; const unsigned NumDataArgs;
const char *Beg; // Start of format string. const char *Beg; // Start of format string.
const bool HasVAListArg; const bool HasVAListArg;
ArrayRef<const Expr *> Args; ArrayRef<const Expr *> Args;
unsigned FormatIdx; unsigned FormatIdx;
llvm::SmallBitVector CoveredArgs; llvm::SmallBitVector CoveredArgs;
bool usesPositionalArgs; bool usesPositionalArgs;
bool atFirstArg; bool atFirstArg;
bool inFunctionCall; bool inFunctionCall;
Sema::VariadicCallType CallType; Sema::VariadicCallType CallType;
llvm::SmallBitVector &CheckedVarArgs; llvm::SmallBitVector &CheckedVarArgs;
UncoveredArgHandler &UncoveredArg; UncoveredArgHandler &UncoveredArg;
public: public:
CheckFormatHandler(Sema &s, const StringLiteral *fexpr, CheckFormatHandler(Sema &s, const FormatStringLiteral *fexpr,
const Expr *origFormatExpr, unsigned firstDataArg, const Expr *origFormatExpr, unsigned firstDataArg,
unsigned numDataArgs, const char *beg, bool hasVAListArg, unsigned numDataArgs, const char *beg, bool hasVAListArg,
ArrayRef<const Expr *> Args, ArrayRef<const Expr *> Args,
unsigned formatIdx, bool inFunctionCall, unsigned formatIdx, bool inFunctionCall,
Sema::VariadicCallType callType, Sema::VariadicCallType callType,
llvm::SmallBitVector &CheckedVarArgs, llvm::SmallBitVector &CheckedVarArgs,
UncoveredArgHandler &UncoveredArg) UncoveredArgHandler &UncoveredArg)
: S(s), FExpr(fexpr), OrigFormatExpr(origFormatExpr), : S(s), FExpr(fexpr), OrigFormatExpr(origFormatExpr),
▲ Show 20 LinesShow All 83 Lines▼ Show 20 LinesgetSpecifierRange(const char *startSpecifier, unsigned specifierLen) {
// Advance the end SourceLocation by one due to half-open ranges. // Advance the end SourceLocation by one due to half-open ranges.
End = End.getLocWithOffset(1); End = End.getLocWithOffset(1);
return CharSourceRange::getCharRange(Start, End); return CharSourceRange::getCharRange(Start, End);
} }
SourceLocation CheckFormatHandler::getLocationOfByte(const char *x) { SourceLocation CheckFormatHandler::getLocationOfByte(const char *x) {
return S.getLocationOfStringLiteralByte(FExpr, x - Beg); return FExpr->getLocationOfByte(x - Beg, S.getSourceManager(),
S.getLangOpts(), S.Context.getTargetInfo());
} }
void CheckFormatHandler::HandleIncompleteSpecifier(const char *startSpecifier, void CheckFormatHandler::HandleIncompleteSpecifier(const char *startSpecifier,
unsigned specifierLen){ unsigned specifierLen){
EmitFormatDiagnostic(S.PDiag(diag::warn_printf_incomplete_specifier), EmitFormatDiagnostic(S.PDiag(diag::warn_printf_incomplete_specifier),
getLocationOfByte(startSpecifier), getLocationOfByte(startSpecifier),
/*IsStringLocation*/true, /*IsStringLocation*/true,
getSpecifierRange(startSpecifier, specifierLen)); getSpecifierRange(startSpecifier, specifierLen));
▲ Show 20 LinesShow All 322 Lines▼ Show 20 Lines
//===--- CHECK: Printf format string checking ------------------------------===// //===--- CHECK: Printf format string checking ------------------------------===//
namespace { namespace {
class CheckPrintfHandler : public CheckFormatHandler { class CheckPrintfHandler : public CheckFormatHandler {
bool ObjCContext; bool ObjCContext;
public: public:
CheckPrintfHandler(Sema &s, const StringLiteral *fexpr, CheckPrintfHandler(Sema &s, const FormatStringLiteral *fexpr,
const Expr *origFormatExpr, unsigned firstDataArg, const Expr *origFormatExpr, unsigned firstDataArg,
unsigned numDataArgs, bool isObjC, unsigned numDataArgs, bool isObjC,
const char *beg, bool hasVAListArg, const char *beg, bool hasVAListArg,
ArrayRef<const Expr *> Args, ArrayRef<const Expr *> Args,
unsigned formatIdx, bool inFunctionCall, unsigned formatIdx, bool inFunctionCall,
Sema::VariadicCallType CallType, Sema::VariadicCallType CallType,
llvm::SmallBitVector &CheckedVarArgs, llvm::SmallBitVector &CheckedVarArgs,
UncoveredArgHandler &UncoveredArg) UncoveredArgHandler &UncoveredArg)
▲ Show 20 LinesShow All 770 Lines▼ Show 20 LinesCheckPrintfHandler::checkFormatExpr(const analyze_printf::PrintfSpecifier &FS,
return true; return true;
} }
//===--- CHECK: Scanf format string checking ------------------------------===// //===--- CHECK: Scanf format string checking ------------------------------===//
namespace { namespace {
class CheckScanfHandler : public CheckFormatHandler { class CheckScanfHandler : public CheckFormatHandler {
public: public:
CheckScanfHandler(Sema &s, const StringLiteral *fexpr, CheckScanfHandler(Sema &s, const FormatStringLiteral *fexpr,
const Expr *origFormatExpr, unsigned firstDataArg, const Expr *origFormatExpr, unsigned firstDataArg,
unsigned numDataArgs, const char *beg, bool hasVAListArg, unsigned numDataArgs, const char *beg, bool hasVAListArg,
ArrayRef<const Expr *> Args, ArrayRef<const Expr *> Args,
unsigned formatIdx, bool inFunctionCall, unsigned formatIdx, bool inFunctionCall,
Sema::VariadicCallType CallType, Sema::VariadicCallType CallType,
llvm::SmallBitVector &CheckedVarArgs, llvm::SmallBitVector &CheckedVarArgs,
UncoveredArgHandler &UncoveredArg) UncoveredArgHandler &UncoveredArg)
: CheckFormatHandler(s, fexpr, origFormatExpr, firstDataArg, : CheckFormatHandler(s, fexpr, origFormatExpr, firstDataArg,
▲ Show 20 LinesShow All 154 Lines▼ Show 20 Lines EmitFormatDiagnostic(S.PDiag(diag)
Ex->getLocStart(), Ex->getLocStart(),
/*IsStringLocation*/ false, /*IsStringLocation*/ false,
getSpecifierRange(startSpecifier, specifierLen)); getSpecifierRange(startSpecifier, specifierLen));
} }
return true; return true;
} }
static void CheckFormatString(Sema &S, const StringLiteral *FExpr, static void CheckFormatString(Sema &S, const FormatStringLiteral *FExpr,
const Expr *OrigFormatExpr, const Expr *OrigFormatExpr,
ArrayRef<const Expr *> Args, ArrayRef<const Expr *> Args,
bool HasVAListArg, unsigned format_idx, bool HasVAListArg, unsigned format_idx,
unsigned firstDataArg, unsigned firstDataArg,
Sema::FormatStringType Type, Sema::FormatStringType Type,
bool inFunctionCall, bool inFunctionCall,
Sema::VariadicCallType CallType, Sema::VariadicCallType CallType,
llvm::SmallBitVector &CheckedVarArgs, llvm::SmallBitVector &CheckedVarArgs,
▲ Show 20 LinesShow All 5,464 LinesShow Last 20 Lines

cfe/trunk/test/Sema/format-strings.c

Show First 20 LinesShow All 646 Lines▼ Show 20 Lines
// <rdar://problem/14178260> // <rdar://problem/14178260>
extern void test_format_security_extra_args(const char*, int, ...) extern void test_format_security_extra_args(const char*, int, ...)
__attribute__((__format__(__printf__, 1, 3))); __attribute__((__format__(__printf__, 1, 3)));
void test_format_security_pos(char* string) { void test_format_security_pos(char* string) {
test_format_security_extra_args(string, 5); // expected-warning {{format string is not a string literal (potentially insecure)}} test_format_security_extra_args(string, 5); // expected-warning {{format string is not a string literal (potentially insecure)}}
// expected-note@-1{{treat the string as an argument to avoid this}} // expected-note@-1{{treat the string as an argument to avoid this}}
} }
#pragma GCC diagnostic warning "-Wformat-nonliteral" #pragma GCC diagnostic warning "-Wformat-nonliteral"
void test_char_pointer_arithmetic(int b) {
const char s1[] = "string";
const char s2[] = "%s string";
printf(s1 - 1); // expected-warning {{format string is not a string literal (potentially insecure)}}
// expected-note@-1{{treat the string as an argument to avoid this}}
printf(s1 + 2); // no-warning
printf(s2 + 2); // no-warning
const char s3[] = "%s string";
printf((s3 + 2) - 2); // expected-warning{{more '%' conversions than data arguments}}
// expected-note@-2{{format string is defined here}}
printf(2 + s2); // no-warning
printf(6 + s2 - 2); // no-warning
printf(2 + (b ? s1 : s2)); // no-warning
const char s5[] = "string %s";
printf(2 + (b ? s2 : s5)); // expected-warning{{more '%' conversions than data arguments}}
// expected-note@-2{{format string is defined here}}
printf(2 + (b ? s2 : s5), ""); // no-warning
printf(2 + (b ? s1 : s2 - 2), ""); // no-warning
const char s6[] = "%s string";
printf(2 + (b ? s1 : s6 - 2)); // expected-warning{{more '%' conversions than data arguments}}
// expected-note@-2{{format string is defined here}}
printf(1 ? s2 + 2 : s2); // no-warning
printf(0 ? s2 : s2 + 2); // no-warning
printf(2 + s2 + 5 * 3 - 16, ""); // expected-warning{{data argument not used}}
const char s7[] = "%s string %s %s";
printf(s7 + 3, ""); // expected-warning{{more '%' conversions than data arguments}}
// expected-note@-2{{format string is defined here}}
}