Commits · 6d5922fd663d945f97604f46fa9c73d5390079d5 · Roger Ferrer / llvm-epi-0.8

Aug 25, 2007
- Fix the regression on test/Sema/cfstring.c · 9449fd7b
  Chris Lattner authored Aug 25, 2007
```
llvm-svn: 41396
```
  9449fd7b
Aug 20, 2007

Modified ArraySubscriptExpr to have accessors getLHS and getRHS in addition · c81614d5

Ted Kremenek authored Aug 20, 2007

to getBase and getIdx.  getBase and getIdx now return a "normalized" view
of the expression (e.g., always "A[4]" instead of possibly "4[A]").  getLHS
and getRHS return the expressions with syntactic fidelity to the original
source code.

Also modified client code of ArraySubscriptExpr, including the AST dumper
and pretty printer, the return-stack value checker, and the LLVM code
generator.

llvm-svn: 41180

c81614d5

Aug 17, 2007
- Added extra semantic checking to do basic detection of · cff94fa2
  Ted Kremenek authored Aug 17, 2007
```
"return of stack addresses."  ParseReturnStmt now calls CheckReturnStackAddr
to determine if the expression in the return statement evaluates to an
address of a stack variable.  If so, we issue a warning. 

llvm-svn: 41141
```
  cff94fa2
- Return true in case of error, which is what other functions do. · a3a9c438
  Anders Carlsson authored Aug 17, 2007
```
llvm-svn: 41140
```
  a3a9c438
- Add initial support for constant CFStrings. · 98f0790f
  Anders Carlsson authored Aug 17, 2007
```
llvm-svn: 41136
```
  98f0790f
Aug 14, 2007

Added support for additional format string checking for the printf · e68f1aad

Ted Kremenek authored Aug 14, 2007

family of functions.  Previous functionality only included checking to
see if the format string was a string literal.  Now we check parse the
format string (if it is a literal) and perform the following checks:

(1) Warn if: number conversions (e.g. "%d") != number data arguments.

(2) Warn about missing format strings  (e.g., "printf()").

(3) Warn if the format string is not a string literal.

(4) Warn about the use se of '%n' conversion.  This conversion is
    discouraged for security reasons.

(5) Warn about malformed conversions.  For example '%;', '%v'; these
    are not valid.

(6) Warn about empty format strings; e.g. printf("").  Although these
    can be optimized away by the compiler, they can be indicative of
    broken programmer logic.  We may need to add additional support to
    see when such cases occur within macro expansion to avoid false
    positives.

(7) Warn if the string literal is wide; e.g. L"%d".

(8) Warn if we detect a '\0' character WITHIN the format string.

Test cases are included.

llvm-svn: 41076

e68f1aad

Aug 10, 2007

Added "id_idx" parameter to CheckPrintfArguments. This will be used · 56c864e3
Ted Kremenek authored Aug 10, 2007
```
by CheckPrintfArguments to determine if a given printf function
accepts a va_arg argument.

llvm-svn: 41008
```
56c864e3

initial support for checking format strings, patch by Ted Kremenek: · b87b1b36

Chris Lattner authored Aug 10, 2007

"I've coded up some support in clang to flag warnings for non-constant format strings used in calls to printf-like functions (all the functions listed in "man fprintf").  Non-constant format strings are a source of many security exploits in C/C++ programs, and I believe are currently detected by gcc using the flag -Wformat-nonliteral."

llvm-svn: 41003

b87b1b36