From 9c27c6bd260a3e4d531a2ebbcff339c4600da04f Mon Sep 17 00:00:00 2001
From: Benjamin Kramer <benny.kra@googlemail.com>
Date: Sat, 20 Aug 2016 16:51:33 +0000
Subject: [PATCH] [Sema] Don't crash on scanf on forward-declared enums.
This is valid in GNU C, which allows pointers to incomplete enums. GCC
just pretends that the underlying type is 'int' in those cases, follow
that behavior.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@279374 91177308-0d34-0410-b5e6-96231b3b80d8
---
lib/Analysis/FormatString.cpp | 17 ++++++++++++++---
lib/Analysis/ScanfFormatString.cpp | 6 +++++-
test/Sema/format-strings-enum.c | 16 ++++++++++++++++
3 files changed, 35 insertions(+), 4 deletions(-)
diff --git a/lib/Analysis/FormatString.cpp b/lib/Analysis/FormatString.cpp
index 83d08b55427..0872e788c60 100644
--- a/lib/Analysis/FormatString.cpp
+++ b/lib/Analysis/FormatString.cpp
@@ -310,8 +310,13 @@ ArgType::matchesType(ASTContext &C, QualType argTy) const {
return Match;
case AnyCharTy: {
- if (const EnumType *ETy = argTy->getAs<EnumType>())
+ if (const EnumType *ETy = argTy->getAs<EnumType>()) {
+ // If the enum is incomplete we know nothing about the underlying type.
+ // Assume that it's 'int'.
+ if (!ETy->getDecl()->isComplete())
+ return NoMatch;
argTy = ETy->getDecl()->getIntegerType();
+ }
if (const BuiltinType *BT = argTy->getAs<BuiltinType>())
switch (BT->getKind()) {
@@ -327,8 +332,14 @@ ArgType::matchesType(ASTContext &C, QualType argTy) const {
}
case SpecificTy: {
- if (const EnumType *ETy = argTy->getAs<EnumType>())
- argTy = ETy->getDecl()->getIntegerType();
+ if (const EnumType *ETy = argTy->getAs<EnumType>()) {
+ // If the enum is incomplete we know nothing about the underlying type.
+ // Assume that it's 'int'.
+ if (!ETy->getDecl()->isComplete())
+ argTy = C.IntTy;
+ else
+ argTy = ETy->getDecl()->getIntegerType();
+ }
argTy = C.getCanonicalType(argTy).getUnqualifiedType();
if (T == argTy)
diff --git a/lib/Analysis/ScanfFormatString.cpp b/lib/Analysis/ScanfFormatString.cpp
index 82b038864c2..3b93f1a57f1 100644
--- a/lib/Analysis/ScanfFormatString.cpp
+++ b/lib/Analysis/ScanfFormatString.cpp
@@ -418,8 +418,12 @@ bool ScanfSpecifier::fixType(QualType QT, QualType RawQT,
QualType PT = QT->getPointeeType();
// If it's an enum, get its underlying type.
- if (const EnumType *ETy = PT->getAs<EnumType>())
+ if (const EnumType *ETy = PT->getAs<EnumType>()) {
+ // Don't try to fix incomplete enums.
+ if (!ETy->getDecl()->isComplete())
+ return false;
PT = ETy->getDecl()->getIntegerType();
+ }
const BuiltinType *BT = PT->getAs<BuiltinType>();
if (!BT)
diff --git a/test/Sema/format-strings-enum.c b/test/Sema/format-strings-enum.c
index e79f8598ab4..ba077a887e0 100644
--- a/test/Sema/format-strings-enum.c
+++ b/test/Sema/format-strings-enum.c
@@ -11,6 +11,7 @@
#endif
EXTERN_C int printf(const char *,...);
+EXTERN_C int scanf(const char *, ...);
typedef enum { Constant = 0 } TestEnum;
// Note that in C, the type of 'Constant' is 'int'. In C++ it is 'TestEnum'.
@@ -34,3 +35,18 @@ void testLong(LongEnum input) {
printf("%lu", input);
printf("%lu", LongConstant);
}
+
+#ifndef __cplusplus
+// GNU C allows forward declaring enums.
+extern enum forward_declared *fwd;
+
+void forward_enum() {
+ printf("%u", fwd); // expected-warning{{format specifies type 'unsigned int' but the argument has type 'enum forward_declared *}}
+ printf("%p", fwd);
+
+ scanf("%c", fwd); // expected-warning{{format specifies type 'char *' but the argument has type 'enum forward_declared *}}
+ scanf("%u", fwd);
+ scanf("%lu", fwd); // expected-warning{{format specifies type 'unsigned long *' but the argument has type 'enum forward_declared *}}
+ scanf("%p", fwd); // expected-warning{{format specifies type 'void **' but the argument has type 'enum forward_declared *}}
+}
+#endif
--
GitLab