r263299 added a fixit for the -Wformat-security warning, but that runs
into complications with our guideline that error recovery should be done
as-if the fixit had been applied. Putting the fixit on a note avoids that.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@263584 91177308-0d34-0410-b5e6-96231b3b80d8
GCC -pedantic produces a format warning when the "%p" specifier is used with
arguments that are not void*. It's useful for portability to be able to
catch such warnings with clang as well. The warning is off by default in
both gcc and with this patch. This patch enables it either when extensions
are disabled with -pedantic, or with the specific flag -Wformat-pedantic.
The C99 and C11 specs do appear to require arguments corresponding to 'p'
specifiers to be void*: "If any argument is not the correct type for the
corresponding conversion specification, the behavior is undefined."
[7.19.6.1 p9], and of the 'p' format specifier "The argument shall be a
pointer to void." [7.19.6.1 p8]
Both printf and scanf format checking are covered.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@231211 91177308-0d34-0410-b5e6-96231b3b80d8
function: it can't be 'void' and it can't be an initializer list. We give a
hard error for these rather than treating them as undefined behavior (we can
and probably should do the same for non-POD types in C++11, but as of this
change we don't).
Slightly rework the checking of variadic arguments in a function with a format
attribute to ensure that certain kinds of format string problem (non-literal
string, too many/too few arguments, ...) don't suppress this error.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@187735 91177308-0d34-0410-b5e6-96231b3b80d8
It should not be supported in C++11, since that uses the C99 standard
library, in which 'a' is a format specifier.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147310 91177308-0d34-0410-b5e6-96231b3b80d8
Bob Wilson