Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[clang] Fortify warning for scanf calls with field width too big.
Differential Revision: https://reviews.llvm.org/D111833
- Loading branch information
1 parent
3f3103c
commit 5a8c173
Showing
3 changed files
with
198 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
// RUN: %clang_cc1 -triple x86_64-apple-macosx10.14.0 %s -verify | ||
|
||
typedef struct _FILE FILE; | ||
extern int scanf(const char *format, ...); | ||
extern int fscanf(FILE *f, const char *format, ...); | ||
extern int sscanf(const char *input, const char *format, ...); | ||
|
||
void call_scanf() { | ||
char buf10[10]; | ||
char buf20[20]; | ||
char buf30[30]; | ||
scanf("%4s %5s %10s", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 4 has size 10, but the corresponding specifier may require size 11}} | ||
scanf("%4s %5s %11s", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 4 has size 10, but the corresponding specifier may require size 12}} | ||
scanf("%4s %5s %9s", buf20, buf30, buf10); | ||
scanf("%20s %5s %9s", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 2 has size 20, but the corresponding specifier may require size 21}} | ||
scanf("%21s %5s %9s", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 2 has size 20, but the corresponding specifier may require size 22}} | ||
scanf("%19s %5s %9s", buf20, buf30, buf10); | ||
scanf("%19s %29s %9s", buf20, buf30, buf10); | ||
|
||
scanf("%4[a] %5[a] %10[a]", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 4 has size 10, but the corresponding specifier may require size 11}} | ||
scanf("%4[a] %5[a] %11[a]", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 4 has size 10, but the corresponding specifier may require size 12}} | ||
scanf("%4[a] %5[a] %9[a]", buf20, buf30, buf10); | ||
scanf("%20[a] %5[a] %9[a]", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 2 has size 20, but the corresponding specifier may require size 21}} | ||
scanf("%21[a] %5[a] %9[a]", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 2 has size 20, but the corresponding specifier may require size 22}} | ||
scanf("%19[a] %5[a] %9[a]", buf20, buf30, buf10); | ||
scanf("%19[a] %29[a] %9[a]", buf20, buf30, buf10); | ||
|
||
scanf("%4c %5c %10c", buf20, buf30, buf10); | ||
scanf("%4c %5c %11c", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 4 has size 10, but the corresponding specifier may require size 11}} | ||
scanf("%4c %5c %9c", buf20, buf30, buf10); | ||
scanf("%20c %5c %9c", buf20, buf30, buf10); | ||
scanf("%21c %5c %9c", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 2 has size 20, but the corresponding specifier may require size 21}} | ||
|
||
// Don't warn for other specifiers. | ||
int x; | ||
scanf("%12d", &x); | ||
} | ||
|
||
void call_sscanf() { | ||
char buf10[10]; | ||
char buf20[20]; | ||
char buf30[30]; | ||
sscanf("a b c", "%4s %5s %10s", buf20, buf30, buf10); // expected-warning {{'sscanf' may overflow; destination buffer in argument 5 has size 10, but the corresponding specifier may require size 11}} | ||
sscanf("a b c", "%4s %5s %11s", buf20, buf30, buf10); // expected-warning {{'sscanf' may overflow; destination buffer in argument 5 has size 10, but the corresponding specifier may require size 12}} | ||
sscanf("a b c", "%4s %5s %9s", buf20, buf30, buf10); | ||
sscanf("a b c", "%20s %5s %9s", buf20, buf30, buf10); // expected-warning {{'sscanf' may overflow; destination buffer in argument 3 has size 20, but the corresponding specifier may require size 21}} | ||
sscanf("a b c", "%21s %5s %9s", buf20, buf30, buf10); // expected-warning {{'sscanf' may overflow; destination buffer in argument 3 has size 20, but the corresponding specifier may require size 22}} | ||
sscanf("a b c", "%19s %5s %9s", buf20, buf30, buf10); | ||
sscanf("a b c", "%19s %29s %9s", buf20, buf30, buf10); | ||
} | ||
|
||
void call_fscanf() { | ||
char buf10[10]; | ||
char buf20[20]; | ||
char buf30[30]; | ||
fscanf(0, "%4s %5s %10s", buf20, buf30, buf10); // expected-warning {{'fscanf' may overflow; destination buffer in argument 5 has size 10, but the corresponding specifier may require size 11}} | ||
fscanf(0, "%4s %5s %11s", buf20, buf30, buf10); // expected-warning {{'fscanf' may overflow; destination buffer in argument 5 has size 10, but the corresponding specifier may require size 12}} | ||
fscanf(0, "%4s %5s %9s", buf20, buf30, buf10); | ||
fscanf(0, "%20s %5s %9s", buf20, buf30, buf10); // expected-warning {{'fscanf' may overflow; destination buffer in argument 3 has size 20, but the corresponding specifier may require size 21}} | ||
fscanf(0, "%21s %5s %9s", buf20, buf30, buf10); // expected-warning {{'fscanf' may overflow; destination buffer in argument 3 has size 20, but the corresponding specifier may require size 22}} | ||
fscanf(0, "%19s %5s %9s", buf20, buf30, buf10); | ||
fscanf(0, "%19s %29s %9s", buf20, buf30, buf10); | ||
} |