summaryrefslogtreecommitdiffstats
path: root/clang/test/Sema/format-strings.c
Commit message (Collapse)AuthorAgeFilesLines
* Fix printf specifier handling: invalid specifier should not be marked as ↵Mehdi Amini2016-12-151-4/+4
| | | | | | | | | | | | "consuming data arguments" Reviewers: rsmith, bruno, dexonsmith Subscribers: cfe-commits Differential Revision: https://reviews.llvm.org/D27796 llvm-svn: 289850
* [Sema] Fix PR30481: crash on checking printf args.George Burgess IV2016-09-221-0/+5
| | | | | | | We were falling through from one case to another in a switch statement. Oops. llvm-svn: 282124
* Do not warn about format strings that are indexed string literals.Stephen Hines2016-09-161-0/+35
| | | | | | | | | | | | | | | | | | | | | Summary: The warning for a format string not being a string literal and therefore being potentially insecure is overly strict for indices into string literals. This fix checks if the index into the string literal is precomputable. If that's the case it will check if the suffix of that string literal is a valid format string string literal. It will still issue the aforementioned warning for out of range indices into the string literal. Patch by Meike Baumgärtner (meikeb) Reviewers: rsmith Subscribers: srhines, cfe-commits Differential Revision: https://reviews.llvm.org/D24584 llvm-svn: 281686
* Revert "Do not warn about format strings that are indexed string literals."Stephen Hines2016-09-141-35/+0
| | | | | | | | | | | | Summary: This reverts r281527 because I messed up the attribution. Reviewers: srhines Subscribers: cfe-commits Differential Revision: https://reviews.llvm.org/D24579 llvm-svn: 281530
* Do not warn about format strings that are indexed string literals.Stephen Hines2016-09-141-0/+35
| | | | | | | | | | | | | | | | | | | Summary: The warning for a format string not being a sting literal and therefore being potentially insecure is overly strict for indecies into sting literals. This fix checks if the index into the string literal is precomputable. If thats the case it will check if the suffix of that sting literal is a valid format string string literal. It will still issue the aforementioned warning for out of range indecies into the string literal. Reviewers: rsmith Subscribers: srhines, cfe-commits Differential Revision: https://reviews.llvm.org/D23820 llvm-svn: 281527
* [Sema] Attempt to fix tests for utf-8 invalid format string specifiersBruno Cardoso Lopes2016-03-291-8/+0
| | | | | | | | | | Followup from r264752. Attempt to appease buildbots: http://lab.llvm.org:8011/builders/clang-ppc64be-linux/builds/2882 http://lab.llvm.org:8011/builders/clang-s390x-linux/builds/2619 llvm-svn: 264765
* [Sema] Handle UTF-8 invalid format string specifiersBruno Cardoso Lopes2016-03-291-0/+8
| | | | | | | | | | | | | | | | | Improve invalid format string specifier handling by printing out invalid specifiers characters with \x, \u and \U. Previously clang would print gargabe whenever the character is unprintable. Example, before: NSLog(@"%\u25B9"); => warning: invalid conversion specifier ' [-Wformat-invalid-specifier] after: NSLog(@"%\u25B9"); => warning: invalid conversion specifier '\u25b9' [-Wformat-invalid-specifier] Differential Revision: http://reviews.llvm.org/D18296 rdar://problem/24672159 llvm-svn: 264752
* Move the fixit for -Wformat-security to a note.Bob Wilson2016-03-151-0/+18
| | | | | | | | r263299 added a fixit for the -Wformat-security warning, but that runs into complications with our guideline that error recovery should be done as-if the fixit had been applied. Putting the fixit on a note avoids that. llvm-svn: 263584
* Reduce false positives in printf/scanf format checkerAndy Gibbs2016-02-261-1/+18
| | | | | | | | | | | | | | | Summary: The printf/scanf format checker is a little over-zealous in handling the conditional operator. This patch reduces work by not checking code-paths that are never used and reduces false positives regarding uncovered arguments, for example in the code fragment: printf(minimal ? "%i\n" : "%i: %s\n", code, msg); Reviewers: rtrieu Subscribers: cfe-commits Differential Revision: http://reviews.llvm.org/D15636 llvm-svn: 262025
* Try to green test/Sema/format-strings.c on Win botsHans Wennborg2014-09-071-1/+1
| | | | llvm-svn: 217327
* Let stddef.h respect __need_{wchar_t, size_t, NULL, ptrdiff_t, wint_t}.Nico Weber2014-04-301-1/+2
| | | | | | | | | | | | | | | | glibc expects that stddef.h only defines a single thing if either of these defines is set. For example, before this change, a C file containing #include <stdlib.h> int ptrdiff_t = 0; would compile with gcc but not with clang. Now it compiles with clang too. This also fixes PR12997, where older versions of the Linux headers would define NULL incorrectly, and glibc would define __need_NULL and expect stddef.h to redefine NULL with the correct definition. llvm-svn: 207606
* Sema: Emit a warning for non-null terminated format strings and other ↵Benjamin Kramer2014-02-201-0/+15
| | | | | | | | pathological cases. PR18905. llvm-svn: 201795
* Correct hyphenations in comments and assert messagesAlp Toker2013-12-051-1/+1
| | | | | | | This patch tries to avoid unrelated changes other than fixing a few hyphen-related ambiguities in nearby lines. llvm-svn: 196466
* Correctly compute the index of the first string format argument when decidingEli Friedman2013-06-181-0/+10
| | | | | | whether to emit a -Wformat-security warning. <rdar://problem/14178260>. llvm-svn: 184214
* Add a comment to test to clarify the intention hereDmitri Gribenko2013-01-121-0/+3
| | | | | | Comment is taken from the commit message of r151080, by Jean-Daniel Dupas llvm-svn: 172332
* Format strings: suggest %lld instead of %qd and %Ld with -Wformat-non-iso.Jordan Rose2012-09-081-0/+1
| | | | | | | As a corollary to the previous commit, even when an extension is available, we can still offer a fixit to the standard modifier. llvm-svn: 163453
* Format strings: %Ld isn't available on Darwin or Windows.Jordan Rose2012-09-081-11/+0
| | | | | | | | | This seems to be a GNU libc extension; we offer a fixit to %lld on these platforms. <rdar://problem/11518237> llvm-svn: 163452
* Properly check length modfiers for %n in format strings.Hans Wennborg2012-08-071-0/+27
| | | | llvm-svn: 161408
* -Wformat: better handling of qualifiers on pointer argumentsHans Wennborg2012-07-311-0/+16
| | | | | | | Warn about using pointers to const-qualified types as arguments to scanf. Ignore the volatile qualifier when checking if types match. llvm-svn: 161052
* Do not warn on correct use of the '%n' format specifier.Matt Beaumont-Gay2012-07-301-15/+6
| | | | | | | | While '%n' can be used for evil in an attacker-controlled format string, there isn't any acute danger in using it in a literal format string with an argument of the appropriate type. llvm-svn: 160984
* Make -Wformat check the argument type for %n.Hans Wennborg2012-07-301-6/+8
| | | | | | | This makes Clang check that the corresponding argument for "%n" in a format string is a pointer to int. llvm-svn: 160966
* Use the argument location instead of the format string location when warningMatt Beaumont-Gay2012-05-171-1/+6
| | | | | | | | | | | | | | | | | | about argument type mismatch. This gives a nicer diagnostic in cases like printf(fmt, i); where previously the snippet just pointed at 'fmt' (with a note at the definition of fmt). It's a wash for cases like printf("%f", i); where previously we snippeted the offending portion of the format string, but didn't indicate which argument was at fault. llvm-svn: 156968
* Merge branch 'format-string-braced-init'Matt Beaumont-Gay2012-05-111-0/+4
| | | | llvm-svn: 156653
* Fix a recent regression with the merging of format attributes.Rafael Espindola2012-05-111-0/+17
| | | | llvm-svn: 156597
* Make -Wformat accept printf("%hhx", c); with -funsigned-charHans Wennborg2012-05-081-0/+6
| | | | | | | | | For "%hhx", printf expects an unsigned char. This makes Clang accept a 'char' argument for that also when using -funsigned-char. This fixes PR12761. llvm-svn: 156388
* Add a predefine __WINT_UNSIGNED__, similar to __WCHAR_UNSIGNED__, and test ↵James Molloy2012-05-041-0/+5
| | | | | | | | | | them both for ARM and X86. Use this to fully fix Sema/format-strings.c for non-x86 platforms. Reviewed by Chandler on IRC. llvm-svn: 156169
* Fix handling of wint_t - we can't assume wint_t is purely an integer ↵James Molloy2012-05-041-7/+4
| | | | | | | | | | | | promotion of wchar_t - they may differ in signedness. Teach ASTContext about WIntType, and have it taken from TargetInfo like WCharType. Should fix test/Sema/format-strings.c for ARM, with the exception of one subtest which will fail if wint_t and wchar_t are the same size and wint_t is signed, wchar_t is unsigned. There'll be a followup commit to fix that. Reviewed by Chandler and Hans at http://llvm.org/reviews/r/8 llvm-svn: 156165
* Add a test for r156092.Bob Wilson2012-05-031-1/+8
| | | | llvm-svn: 156132
* Warn about non-standard format strings (pr12017)Hans Wennborg2012-02-221-1/+0
| | | | | | | | | This adds the -Wformat-non-standard flag (off by default, enabled by -pedantic), which warns about non-standard things in format strings (such as the 'q' length modifier, the 'S' conversion specifier, etc.) llvm-svn: 151154
* When calling a non variadic format function(vprintf, vscanf, NSLogv, …), ↵Jean-Daniel Dupas2012-02-211-6/+29
| | | | | | warn if the format string argument is a parameter that is not itself declared as a format string with compatible format. llvm-svn: 151080
* Format string analysis: give 'q' its own enumerator.Hans Wennborg2012-02-161-1/+3
| | | | | | | | | This is in preparation for being able to warn about 'q' and other non-standard format string features. It also allows us to print its name correctly. llvm-svn: 150697
* Fix typo in PrintfConversionSpecifier::isDoubleArg()Hans Wennborg2012-02-131-0/+2
| | | | | | | This makes the printf diagnostics issue warnigns for %a, %A, %e, etc. when used with the wrong argument. llvm-svn: 150370
* non-literal strftime format string is not unsafe.Jean-Daniel Dupas2012-02-071-1/+2
| | | | llvm-svn: 150009
* FormatCheckers should emit all diagnostics using EmitFormatDiagnostic().Jean-Daniel Dupas2012-01-311-0/+3
| | | | llvm-svn: 149394
* Update on format attribute handling.Jean-Daniel Dupas2012-01-301-0/+11
| | | | | | | - Remove the printf0 special handling as we treat it as printf anyway. - Perform basic checks (non-literal, empty) for all formats and not only printf/scanf. llvm-svn: 149236
* Teach scanf/printf checking about '%Ld' and friends (a GNU extension). ↵Ted Kremenek2012-01-241-0/+11
| | | | | | Fixes PR 9466. llvm-svn: 148859
* Tighten format string diagnostic and make it a bit clearer (and a bit closer ↵Ted Kremenek2012-01-201-22/+22
| | | | | | to GCC's). llvm-svn: 148579
* Fix for PR9751 to change the behavior of -Wformat warnings. If the formatRichard Trieu2011-10-281-0/+76
| | | | | | | | | | | string is part of the function call, then there is no difference. If the format string is not, the warning will point to the call site and a note will point to where the format string is. Fix-it hints for strings are moved to the note if a note is emitted. This will prevent changes to format strings that may be used in multiple places. llvm-svn: 143168
* Tweak printf format string parsing to accept 'hh' conversion specifier to ↵Ted Kremenek2011-10-251-0/+6
| | | | | | accept any char, not just signed char. Fixes <rdar://problem/10303638>. llvm-svn: 142908
* Do not warn about empty format strings when there are no data arguments. ↵Ted Kremenek2011-09-291-1/+6
| | | | | | Fixes <rdar://problem/9473155>. llvm-svn: 140777
* Control 'invalid conversion specifier' warnings under a subflag ↵Ted Kremenek2011-08-271-0/+10
| | | | | | (-Wformat-invalid-specifier) of -Wformat. Fixes <rdar://problem/10031930>. llvm-svn: 138686
* Revert r135147 and r135075. The consensus was that this wasn't the right ↵Ted Kremenek2011-07-141-1/+1
| | | | | | thing to do. llvm-svn: 135152
* Reapply r135075, but modify format-strings.c and format-strings-fixit.c test ↵Ted Kremenek2011-07-141-1/+1
| | | | | | cases to be more portable with an explicit target triple. llvm-svn: 135134
* Re-relax conversion specifier checking for printf format strings and ↵Ted Kremenek2011-07-131-2/+2
| | | | | | conversion specifiers. My recent change was a mistake. llvm-svn: 135048
* Fix inversion in argument type checking for format strings with conversion ↵Ted Kremenek2011-07-131-0/+9
| | | | | | specifiers for character types. llvm-svn: 135046
* Don't add redundant FormatAttr, ConstAttr, or NoThrowAttr attributes,Douglas Gregor2011-06-151-0/+5
| | | | | | | either imlicitly (for builtins) or explicitly (due to multiple specification of the same attributes). Fixes <rdar://problem/9612060>. llvm-svn: 133045
* Don't warn about using PredefinedExprs as format string literals. These ↵Ted Kremenek2011-02-241-0/+8
| | | | | | | | never can be a real security issue. Fixes PR 9314. llvm-svn: 126447
* Allow -Wformat to be enabled without -Wformat-security. GCC gatesChandler Carruth2011-02-211-0/+10
| | | | | | | | -Wformat-security on -Wformat, not vice-versa. Fixes PR8486. Patch by Oleg Slezberg. llvm-svn: 126096
* Add semantic checking that the "thousands grouping"Ted Kremenek2011-01-081-0/+3
| | | | | | | prefix in a printf format string is matched with the appropriate conversion specifier. llvm-svn: 123055
* Add printf format string parsing support for 'Ted Kremenek2011-01-081-0/+6
| | | | | | prefix to format conversions (POSIX extension). llvm-svn: 123054
OpenPOWER on IntegriCloud