http://llvm.org/bugs/show_bug.cgi?id=17886

            Bug ID: 17886
           Summary: Incorrect security warning when format string is
                    conditional between two constants
           Product: clang
           Version: trunk
          Hardware: Macintosh
                OS: MacOS X
            Status: NEW
          Severity: normal
          Priority: P
         Component: -New Bugs
          Assignee: [email protected]
          Reporter: [email protected]
                CC: [email protected]
    Classification: Unclassified

Created attachment 11522
  --> http://llvm.org/bugs/attachment.cgi?id=11522&action=edit
sample case

Rather than having excessively long calls to functions like
NSRunInformationalAlertPanel(), it is (extremely) common to declare the
parameters individually first.

clang-sa now spuriously warns on this case. It should also avoid warning on
simple conditionals that result in the same 'kind' of format string, with
exactly the same format specifiers in the same order. Note that this should
exclude '%%' specifiers or other specifiers that don't consume arguments.

See the attached sample.
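The equivalence the report describes (same argument-consuming specifiers in the same order, with `%%` ignored) can be sketched as follows. This is an added C example, not code from the report, its attachment, or clang; `format_args_match`, `fmt_signature` and `FMT_MAX` are hypothetical names. It assumes printf-style syntax and conservatively reports positional (`%1$d`) or over-long formats as not matching.

```c
#include <stdbool.h>
#include <string.h>

#define FMT_MAX 128   /* longer formats are reported as "not matching" */

/* Write one token per consumed argument of printf-style fmt into out.
 * Each input byte yields at most two output bytes, so out needs
 * 2 * strlen(fmt) + 1 bytes. */
static void fmt_signature(const char *fmt, char *out)
{
    size_t n = 0;
    for (const char *s = fmt; *s; s++) {
        if (*s != '%')
            continue;
        if (*++s == '%')
            continue;                    /* "%%" consumes no argument */
        /* Flags, width, precision: only '*' consumes an (int) argument. */
        for (; *s && strchr("-+ #'0123456789.*", *s); s++)
            if (*s == '*') { out[n++] = '*'; out[n++] = ','; }
        /* Length modifiers change the argument type, so keep them. */
        for (; *s && strchr("hlLqjzt", *s); s++)
            out[n++] = *s;
        if (!*s)
            break;                       /* truncated spec at end of string */
        out[n++] = *s;                   /* conversion character, e.g. d s @ */
        out[n++] = ',';
    }
    out[n] = '\0';
}

/* True when both formats consume the same argument types in the same order.
 * Conservative: positional ("%1$d") or over-long formats return false. */
bool format_args_match(const char *a, const char *b)
{
    char sa[2 * FMT_MAX + 1], sb[2 * FMT_MAX + 1];
    if (strlen(a) > FMT_MAX || strlen(b) > FMT_MAX)
        return false;
    if (strchr(a, '$') || strchr(b, '$'))
        return false;
    fmt_signature(a, sa);
    fmt_signature(b, sb);
    return strcmp(sa, sb) == 0;
}
```

A checker could use a predicate like this to stay quiet when both arms of a conditional are literals with matching signatures, and keep warning in every other case.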
