clang/test/Sema/warn-fortify-scanf.c

   1 // RUN: %clang_cc1 -triple x86_64-apple-macosx10.14.0 %s -verify
   2
   3 typedef struct _FILE FILE;
   4 extern int scanf(const char *format, ...);
   5 extern int fscanf(FILE *f, const char *format, ...);
   6 extern int sscanf(const char *input, const char *format, ...);
   7
   8 void call_scanf(void) {
   9   char buf10[10];
  10   char buf20[20];
  11   char buf30[30];
  12   scanf("%4s %5s %10s", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 4 has size 10, but the corresponding specifier may require size 11}}
  13   scanf("%4s %5s %11s", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 4 has size 10, but the corresponding specifier may require size 12}}
  14   scanf("%4s %5s %9s", buf20, buf30, buf10);
  15   scanf("%20s %5s %9s", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 2 has size 20, but the corresponding specifier may require size 21}}
  16   scanf("%21s %5s %9s", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 2 has size 20, but the corresponding specifier may require size 22}}
  17   scanf("%19s %5s %9s", buf20, buf30, buf10);
  18   scanf("%19s %29s %9s", buf20, buf30, buf10);
  19
  20   scanf("%*21s %*30s %10s", buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 2 has size 10, but the corresponding specifier may require size 11}}
  21   scanf("%*21s %5s", buf10);
  22   scanf("%10s %*30s", buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 2 has size 10, but the corresponding specifier may require size 11}}
  23   scanf("%9s %*30s", buf10);
  24
  25   scanf("%4[a] %5[a] %10[a]", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 4 has size 10, but the corresponding specifier may require size 11}}
  26   scanf("%4[a] %5[a] %11[a]", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 4 has size 10, but the corresponding specifier may require size 12}}
  27   scanf("%4[a] %5[a] %9[a]", buf20, buf30, buf10);
  28   scanf("%20[a] %5[a] %9[a]", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 2 has size 20, but the corresponding specifier may require size 21}}
  29   scanf("%21[a] %5[a] %9[a]", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 2 has size 20, but the corresponding specifier may require size 22}}
  30   scanf("%19[a] %5[a] %9[a]", buf20, buf30, buf10);
  31   scanf("%19[a] %29[a] %9[a]", buf20, buf30, buf10);
  32
  33   scanf("%4c %5c %10c", buf20, buf30, buf10);
  34   scanf("%4c %5c %11c", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 4 has size 10, but the corresponding specifier may require size 11}}
  35   scanf("%4c %5c %9c", buf20, buf30, buf10);
  36   scanf("%20c %5c %9c", buf20, buf30, buf10);
  37   scanf("%21c %5c %9c", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 2 has size 20, but the corresponding specifier may require size 21}}
  38
  39   // Don't warn for other specifiers.
  40   int x;
  41   scanf("%12d", &x);
  42 }
  43
  44 void call_sscanf(void) {
  45   char buf10[10];
  46   char buf20[20];
  47   char buf30[30];
  48   sscanf("a b c", "%4s %5s %10s", buf20, buf30, buf10); // expected-warning {{'sscanf' may overflow; destination buffer in argument 5 has size 10, but the corresponding specifier may require size 11}}
  49   sscanf("a b c", "%4s %5s %11s", buf20, buf30, buf10); // expected-warning {{'sscanf' may overflow; destination buffer in argument 5 has size 10, but the corresponding specifier may require size 12}}
  50   sscanf("a b c", "%4s %5s %9s", buf20, buf30, buf10);
  51   sscanf("a b c", "%20s %5s %9s", buf20, buf30, buf10); // expected-warning {{'sscanf' may overflow; destination buffer in argument 3 has size 20, but the corresponding specifier may require size 21}}
  52   sscanf("a b c", "%21s %5s %9s", buf20, buf30, buf10); // expected-warning {{'sscanf' may overflow; destination buffer in argument 3 has size 20, but the corresponding specifier may require size 22}}
  53   sscanf("a b c", "%19s %5s %9s", buf20, buf30, buf10);
  54   sscanf("a b c", "%19s %29s %9s", buf20, buf30, buf10);
  55 }
  56
  57 void call_fscanf(void) {
  58   char buf10[10];
  59   char buf20[20];
  60   char buf30[30];
  61   fscanf(0, "%4s %5s %10s", buf20, buf30, buf10); // expected-warning {{'fscanf' may overflow; destination buffer in argument 5 has size 10, but the corresponding specifier may require size 11}}
  62   fscanf(0, "%4s %5s %11s", buf20, buf30, buf10); // expected-warning {{'fscanf' may overflow; destination buffer in argument 5 has size 10, but the corresponding specifier may require size 12}}
  63   fscanf(0, "%4s %5s %9s", buf20, buf30, buf10);
  64   fscanf(0, "%20s %5s %9s", buf20, buf30, buf10); // expected-warning {{'fscanf' may overflow; destination buffer in argument 3 has size 20, but the corresponding specifier may require size 21}}
  65   fscanf(0, "%21s %5s %9s", buf20, buf30, buf10); // expected-warning {{'fscanf' may overflow; destination buffer in argument 3 has size 20, but the corresponding specifier may require size 22}}
  66   fscanf(0, "%19s %5s %9s", buf20, buf30, buf10);
  67   fscanf(0, "%19s %29s %9s", buf20, buf30, buf10);
  68 }