initial support for checking format strings, patch by Ted Kremenek:

"I've coded up some support in clang to flag warnings for non-constant format strings used in calls to printf-like functions (all the functions listed in "man fprintf").  Non-constant format strings are a source of many security exploits in C/C++ programs, and I believe are currently detected by gcc using the flag -Wformat-nonliteral."

llvm-svn: 41003

1 files changed, 16 insertions, 0 deletions

diff --git a/clang/Sema/Sema.cpp b/clang/Sema/Sema.cpp
index 64c18a80c0e..76771d0d5c9 100644
--- a/clang/Sema/Sema.cpp
+++ b/clang/Sema/Sema.cpp
@@ -16,10 +16,26 @@
 #include "clang/AST/ASTContext.h"
 #include "clang/Lex/Preprocessor.h"
 #include "clang/Basic/Diagnostic.h"
+
 using namespace clang;
 
 Sema::Sema(Preprocessor &pp, ASTContext &ctxt, std::vector<Decl*> &prevInGroup)
   : PP(pp), Context(ctxt), CurFunctionDecl(0), LastInGroupList(prevInGroup) {
+  
+  // Get IdentifierInfo objects for known functions for which we
+  // do extra checking.  
+  IdentifierTable& IT = PP.getIdentifierTable();  
+
+  KnownFunctionIDs[ id_printf  ] = &IT.get("printf");
+  KnownFunctionIDs[ id_fprintf ] = &IT.get("fprintf");
+  KnownFunctionIDs[ id_sprintf ] = &IT.get("sprintf");
+  KnownFunctionIDs[ id_snprintf ] = &IT.get("snprintf");
+  KnownFunctionIDs[ id_vsnprintf ] = &IT.get("vsnprintf");
+  KnownFunctionIDs[ id_asprintf ] = &IT.get("asprintf");
+  KnownFunctionIDs[ id_vasprintf ] = &IT.get("vasprintf");
+  KnownFunctionIDs[ id_vfprintf ] = &IT.get("vfprintf");
+  KnownFunctionIDs[ id_vsprintf ] = &IT.get("vsprintf");
+  KnownFunctionIDs[ id_vprintf ] = &IT.get("vprintf");
 }
 
 //===----------------------------------------------------------------------===//