subject:"\[PATCH\] D133197\: \[clang\] Fix crash when parsing scanf format string with missing arguments"

[PATCH] D133197: [clang] Fix crash when parsing scanf format string with missing arguments

2022-09-05 Thread serge via Phabricator via cfe-commits

This revision was automatically updated to reflect the committed changes.
Closed by commit rGab09043a1985: [clang] Fix crash when parsing scanf format 
string with missing arguments (authored by serge-sans-paille).

Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D133197/new/

https://reviews.llvm.org/D133197

Files:
  clang/lib/Sema/SemaChecking.cpp
  clang/test/Sema/format-strings-scanf.c


Index: clang/test/Sema/format-strings-scanf.c
===
--- clang/test/Sema/format-strings-scanf.c
+++ clang/test/Sema/format-strings-scanf.c
@@ -69,6 +69,11 @@
   scanf("%#.2Lf", ld); // expected-warning{{invalid conversion specifier '#'}}
 }
 
+void missing_argument_with_length_modifier() {
+  char buf[30];
+  scanf("%s:%900s", buf); // expected-warning{{more '%' conversions than data 
arguments}}
+}
+
 // Test that the scanf call site is where the warning is attached.  If the
 // format string is somewhere else, point to it in a note.
 void pr9751(void) {
Index: clang/lib/Sema/SemaChecking.cpp
===
--- clang/lib/Sema/SemaChecking.cpp
+++ clang/lib/Sema/SemaChecking.cpp
@@ -1066,6 +1066,9 @@
   return llvm::None;
 unsigned NewIndex = *IndexOptional;
 
+if (NewIndex >= TheCall->getNumArgs())
+  return llvm::None;
+
 const Expr *ObjArg = TheCall->getArg(NewIndex);
 uint64_t Result;
 if (!ObjArg->tryEvaluateObjectSize(Result, getASTContext(), BOSType))


Index: clang/test/Sema/format-strings-scanf.c
===
--- clang/test/Sema/format-strings-scanf.c
+++ clang/test/Sema/format-strings-scanf.c
@@ -69,6 +69,11 @@
   scanf("%#.2Lf", ld); // expected-warning{{invalid conversion specifier '#'}}
 }
 
+void missing_argument_with_length_modifier() {
+  char buf[30];
+  scanf("%s:%900s", buf); // expected-warning{{more '%' conversions than data arguments}}
+}
+
 // Test that the scanf call site is where the warning is attached.  If the
 // format string is somewhere else, point to it in a note.
 void pr9751(void) {
Index: clang/lib/Sema/SemaChecking.cpp
===
--- clang/lib/Sema/SemaChecking.cpp
+++ clang/lib/Sema/SemaChecking.cpp
@@ -1066,6 +1066,9 @@
   return llvm::None;
 unsigned NewIndex = *IndexOptional;
 
+if (NewIndex >= TheCall->getNumArgs())
+  return llvm::None;
+
 const Expr *ObjArg = TheCall->getArg(NewIndex);
 uint64_t Result;
 if (!ObjArg->tryEvaluateObjectSize(Result, getASTContext(), BOSType))
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D133197: [clang] Fix crash when parsing scanf format string with missing arguments

2022-09-02 Thread Alexander Shaposhnikov via Phabricator via cfe-commits

alexander-shaposhnikov added a comment.

LG


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D133197/new/

https://reviews.llvm.org/D133197

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D133197: [clang] Fix crash when parsing scanf format string with missing arguments

2022-09-02 Thread Aaron Ballman via Phabricator via cfe-commits

aaron.ballman accepted this revision.
aaron.ballman added a comment.

LGTM!

In D133197#3766797 , @inclyc wrote:

> Thanks @serge-sans-paille! Basically LGTM. Maybe we need to backport this 
> patch though? @aaron.ballman

Clang 15 is closed for backports that aren't critical at this point AFAIK 
(we're slated to release Clang 15 in a few days). I believe this isn't fixing a 
recent regression, so the change should also have a release note.

Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D133197/new/

https://reviews.llvm.org/D133197

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D133197: [clang] Fix crash when parsing scanf format string with missing arguments

2022-09-02 Thread YingChi Long via Phabricator via cfe-commits

inclyc added a reviewer: aaron.ballman.
inclyc accepted this revision.
inclyc added a subscriber: aaron.ballman.
inclyc added a comment.
This revision is now accepted and ready to land.

Thanks @serge-sans-paille! Basically LGTM. Maybe we need to backport this patch 
though? @aaron.ballman


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D133197/new/

https://reviews.llvm.org/D133197

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D133197: [clang] Fix crash when parsing scanf format string with missing arguments

2022-09-02 Thread serge via Phabricator via cfe-commits

serge-sans-paille created this revision.
Herald added a project: All.
serge-sans-paille requested review of this revision.
Herald added a project: clang.
Herald added a subscriber: cfe-commits.

When parsing a format string with less argument than specified, one should check
argument access because there may be no such argument.

This fixes #57517


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D133197

Files:
  clang/lib/Sema/SemaChecking.cpp
  clang/test/Sema/format-strings-scanf.c


Index: clang/test/Sema/format-strings-scanf.c
===
--- clang/test/Sema/format-strings-scanf.c
+++ clang/test/Sema/format-strings-scanf.c
@@ -69,6 +69,11 @@
   scanf("%#.2Lf", ld); // expected-warning{{invalid conversion specifier '#'}}
 }
 
+void missing_argument_with_length_modifier() {
+  char buf[30];
+  scanf("%s:%900s", buf); // expected-warning{{more '%' conversions than data 
arguments}}
+}
+
 // Test that the scanf call site is where the warning is attached.  If the
 // format string is somewhere else, point to it in a note.
 void pr9751(void) {
Index: clang/lib/Sema/SemaChecking.cpp
===
--- clang/lib/Sema/SemaChecking.cpp
+++ clang/lib/Sema/SemaChecking.cpp
@@ -1066,6 +1066,9 @@
   return llvm::None;
 unsigned NewIndex = *IndexOptional;
 
+if (NewIndex >= TheCall->getNumArgs())
+  return llvm::None;
+
 const Expr *ObjArg = TheCall->getArg(NewIndex);
 uint64_t Result;
 if (!ObjArg->tryEvaluateObjectSize(Result, getASTContext(), BOSType))


Index: clang/test/Sema/format-strings-scanf.c
===
--- clang/test/Sema/format-strings-scanf.c
+++ clang/test/Sema/format-strings-scanf.c
@@ -69,6 +69,11 @@
   scanf("%#.2Lf", ld); // expected-warning{{invalid conversion specifier '#'}}
 }
 
+void missing_argument_with_length_modifier() {
+  char buf[30];
+  scanf("%s:%900s", buf); // expected-warning{{more '%' conversions than data arguments}}
+}
+
 // Test that the scanf call site is where the warning is attached.  If the
 // format string is somewhere else, point to it in a note.
 void pr9751(void) {
Index: clang/lib/Sema/SemaChecking.cpp
===
--- clang/lib/Sema/SemaChecking.cpp
+++ clang/lib/Sema/SemaChecking.cpp
@@ -1066,6 +1066,9 @@
   return llvm::None;
 unsigned NewIndex = *IndexOptional;
 
+if (NewIndex >= TheCall->getNumArgs())
+  return llvm::None;
+
 const Expr *ObjArg = TheCall->getArg(NewIndex);
 uint64_t Result;
 if (!ObjArg->tryEvaluateObjectSize(Result, getASTContext(), BOSType))
___
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[PATCH] D133197: [clang] Fix crash when parsing scanf format string with missing arguments

[PATCH] D133197: [clang] Fix crash when parsing scanf format string with missing arguments

[PATCH] D133197: [clang] Fix crash when parsing scanf format string with missing arguments

[PATCH] D133197: [clang] Fix crash when parsing scanf format string with missing arguments

[PATCH] D133197: [clang] Fix crash when parsing scanf format string with missing arguments

5 matches

Site Navigation

Mail list logo

Footer information