non-literal strftime format string is not unsafe.

llvm-svn: 150009

2 files changed, 7 insertions, 1 deletions

diff --git a/clang/lib/Sema/SemaChecking.cpp b/clang/lib/Sema/SemaChecking.cpp
index c3b957cb606..378930a0e5b 100644
--- a/clang/lib/Sema/SemaChecking.cpp
+++ b/clang/lib/Sema/SemaChecking.cpp
@@ -1584,6 +1584,11 @@ void Sema::CheckFormatArguments(Expr **Args, unsigned NumArgs,
                              format_idx, firstDataArg, Type))
     return;  // Literal format string found, check done!
 
+  // Strftime is particular as it always uses a single 'time' argument,
+  // so it is safe to pass a non-literal string.
+  if (Type == FST_Strftime)
+    return;
+
   // Do not emit diag when the string param is a macro expansion and the
   // format is either NSString or CFString. This is a hack to prevent
   // diag when using the NSLocalizedString and CFCopyLocalizedString macros
diff --git a/clang/test/Sema/format-strings.c b/clang/test/Sema/format-strings.c
index 3a95df5038c..dcff75a07a9 100644
--- a/clang/test/Sema/format-strings.c
+++ b/clang/test/Sema/format-strings.c
@@ -491,6 +491,7 @@ void __attribute__((format(strftime,1,0))) dateformat(const char *fmt);
 void test_other_formats() {
   char *str = "";
   monformat("", 1); // expected-warning{{format string is empty}}
+  monformat(str); // expected-warning{{format string is not a string literal (potentially insecure)}}
   dateformat(""); // expected-warning{{format string is empty}}
-  dateformat(str); // expected-warning{{format string is not a string literal (potentially insecure)}}
+  dateformat(str); // no-warning (using strftime non literal is not unsafe)
 }