From f3b323debc949cf67cb395337fc0d5d5b26c21b9 Mon Sep 17 00:00:00 2001
From: Benjamin Kramer
Date: Sat, 20 Aug 2016 16:51:33 +0000
Subject: [PATCH] [Sema] Don't crash on scanf on forward-declared enums.

This is valid in GNU C, which allows pointers to incomplete enums. GCC just pretends that the underlying type is 'int' in those cases, follow that behavior.

llvm-svn: 279374
---
 clang/lib/Analysis/FormatString.cpp | 17 ++++++++++++++---
 clang/lib/Analysis/ScanfFormatString.cpp | 6 +++++-
 clang/test/Sema/format-strings-enum.c | 16 ++++++++++++++++
 3 files changed, 35 insertions(+), 4 deletions(-)
diff --git a/clang/lib/Analysis/FormatString.cpp b/clang/lib/Analysis/FormatString.cpp
index 83d08b55427f..0872e788c60b 100644
--- a/clang/lib/Analysis/FormatString.cpp
+++ b/clang/lib/Analysis/FormatString.cpp
@@ -310,8 +310,13 @@ ArgType::matchesType(ASTContext &C, QualType argTy) const {
 return Match;
 case AnyCharTy: {
- if (const EnumType *ETy = argTy->getAs())
+ if (const EnumType *ETy = argTy->getAs()) {
+ // If the enum is incomplete we know nothing about the underlying type.
+ // Assume that it's 'int'.
+ if (!ETy->getDecl()->isComplete())
+ return NoMatch;
 argTy = ETy->getDecl()->getIntegerType();
+ }
 if (const BuiltinType *BT = argTy->getAs())
 switch (BT->getKind()) {
@@ -327,8 +332,14 @@ ArgType::matchesType(ASTContext &C, QualType argTy) const {
 }
 case SpecificTy: {
- if (const EnumType *ETy = argTy->getAs())
- argTy = ETy->getDecl()->getIntegerType();
+ if (const EnumType *ETy = argTy->getAs()) {
+ // If the enum is incomplete we know nothing about the underlying type.
+ // Assume that it's 'int'.
+ if (!ETy->getDecl()->isComplete())
+ argTy = C.IntTy;
+ else
+ argTy = ETy->getDecl()->getIntegerType();
+ }
 argTy = C.getCanonicalType(argTy).getUnqualifiedType();
 if (T == argTy)
diff --git a/clang/lib/Analysis/ScanfFormatString.cpp b/clang/lib/Analysis/ScanfFormatString.cpp
index 82b038864c23..3b93f1a57f1f 100644
--- a/clang/lib/Analysis/ScanfFormatString.cpp
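Review bot: In the `AnyCharTy` case of `ArgType::matchesType` (first hunk of clang/lib/Analysis/FormatString.cpp), the added comment says to assume the incomplete enum is 'int', but the code under it returns `NoMatch` and never substitutes a type. The result is presumably the same, since an `int` would not match a character conversion, but the comment reads as if it belonged to the `SpecificTy` branch. I would reword it to `// An incomplete enum has no known underlying type; GCC treats it as 'int', which never matches a character type.` The case body continues past the end of the hunk.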
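Review bot: In the `SpecificTy` case (second hunk of clang/lib/Analysis/FormatString.cpp), substituting `C.IntTy` for an incomplete enum means a pointer to it is accepted without a diagnostic for int-sized conversions; the new test expects `scanf("%u", fwd)` to stay silent. The enum's real width is unknown at this point and may differ once it is completed elsewhere (for example a packed enum or a build with `-fshort-enums`), in which case `scanf` would write more bytes than the object holds and `-Wformat` would no longer flag it. At minimum the comment should record that limit, e.g. `// GCC compatibility: treat an incomplete enum as 'int'. The real underlying type may be narrower or wider once completed, so a match here does not prove the write width is safe.` The enclosing case and function continue outside the hunk.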
+++ b/clang/lib/Analysis/ScanfFormatString.cpp
@@ -418,8 +418,12 @@ bool ScanfSpecifier::fixType(QualType QT, QualType RawQT,
 QualType PT = QT->getPointeeType();
 // If it's an enum, get its underlying type.
- if (const EnumType *ETy = PT->getAs())
+ if (const EnumType *ETy = PT->getAs()) {
+ // Don't try to fix incomplete enums.
+ if (!ETy->getDecl()->isComplete())
+ return false;
 PT = ETy->getDecl()->getIntegerType();
+ }
 const BuiltinType *BT = PT->getAs();
 if (!BT)
diff --git a/clang/test/Sema/format-strings-enum.c b/clang/test/Sema/format-strings-enum.c
index e79f8598ab47..ba077a887e01 100644
--- a/clang/test/Sema/format-strings-enum.c
+++ b/clang/test/Sema/format-strings-enum.c
@@ -11,6 +11,7 @@
 #endif
 EXTERN_C int printf(const char *,...);
+EXTERN_C int scanf(const char *, ...);
 typedef enum { Constant = 0 } TestEnum;
 // Note that in C, the type of 'Constant' is 'int'. In C++ it is 'TestEnum'.
@@ -34,3 +35,18 @@ void testLong(LongEnum input) {
 printf("%lu", input);
 printf("%lu", LongConstant);
 }
+
+#ifndef __cplusplus
+// GNU C allows forward declaring enums.
+extern enum forward_declared *fwd;
+
+void forward_enum() {
+ printf("%u", fwd); // expected-warning{{format specifies type 'unsigned int' but the argument has type 'enum forward_declared *}}
+ printf("%p", fwd);
+
+ scanf("%c", fwd); // expected-warning{{format specifies type 'char *' but the argument has type 'enum forward_declared *}}
+ scanf("%u", fwd);
+ scanf("%lu", fwd); // expected-warning{{format specifies type 'unsigned long *' but the argument has type 'enum forward_declared *}}
+ scanf("%p", fwd); // expected-warning{{format specifies type 'void **' but the argument has type 'enum forward_declared *}}
+}
+#endif
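Review bot: The new `forward_enum` test pins the assumed-`int` behaviour only for `%u` (accepted) and `%lu` (rejected); it has no case for a narrower conversion such as `scanf("%hu", fwd);` or `scanf("%hhu", fwd);`. Those are the widths where the enum's real size matters most, so their expected diagnostics are worth fixing in the test. The early `return false` added to `ScanfSpecifier::fixType` also looks uncovered: these lines check warning text only, not whether a fix-it is attached to the `%lu` diagnostic. I would add the two narrow-width lines with their `expected-warning` annotations, and a fix-it check for the incomplete-enum case if the test suite has a place for one.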