From b87b1b36eea885786dface81cf487eaffec58796 Mon Sep 17 00:00:00 2001
From: Chris Lattner
Date: Fri, 10 Aug 2007 20:18:51 +0000
Subject: initial support for checking format strings, patch by Ted Kremenek: "I've coded up some support in clang to flag warnings for non-constant format strings used in calls to printf-like functions (all the functions listed in "man fprintf"). Non-constant format strings are a source of many security exploits in C/C++ programs, and I believe are currently detected by gcc using the flag -Wformat-nonliteral."
llvm-svn: 41003
---
clang/test/Sema/format-strings.c | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
create mode 100644 clang/test/Sema/format-strings.c
(limited to 'clang/test/Sema/format-strings.c')
diff --git a/clang/test/Sema/format-strings.c b/clang/test/Sema/format-strings.c
new file mode 100644
index 00000000000..f71cd586458
--- /dev/null
+++ b/clang/test/Sema/format-strings.c
@@ -0,0 +1,23 @@
+// RUN: clang -parse-ast-check %s
+
+#include
+#include
+
+void check_string_literal( FILE* fp, const char* s, char *buf, ... ) {
+
+ char * b;
+ va_list ap;
+ va_start(ap,buf);
+
+ printf(s); // expected-warning {{format string is not a string literal}}
+ vprintf(s,ap); // expected-warning {{format string is not a string liter}}
+ fprintf(fp,s); // expected-warning {{format string is not a string literal}}
+ vfprintf(fp,s,ap); // expected-warning {{format string is not a string lit}}
+ asprintf(&b,s); // expected-warning {{format string is not a string lit}}
+ vasprintf(&b,s,ap); // expected-warning {{format string is not a string lit}}
+ sprintf(buf,s); // expected-warning {{format string is not a string literal}}
+ snprintf(buf,2,s); // expected-warning {{format string is not a string lit}}
+ vsprintf(buf,s,ap); // expected-warning {{format string is not a string lit}}
+ vsnprintf(buf,2,s,ap); // expected-warning {{mat string is not a string lit}}
+}
+
-- cgit v1.2.3
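Review bot: Every call in check_string_literal passes the non-literal `s` as the format, so the test pins only the positive case; a checker that warned on every printf-family call would still pass it. Add literal-format controls after the `vsnprintf` line, for example `printf("%s", s); // no-warning` and `snprintf(buf, 2, "%s", s); // no-warning`, so the safe idiom this warning steers code toward is confirmed to stay quiet (this assumes the check mode fails on unexpected diagnostics). The expected-warning texts are also clipped three different ways (`string liter`, `string lit`, `mat string is not a string lit`), apparently to fit the line width; using one consistent form for the long calls would make a later wording change easier to grep for and update.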