Message ID | 20250110181508.350378-5-adhemerval.zanella@linaro.org |
---|---|
State | Accepted |
Commit | e59bdf63cbe16b018f8b9b38f1daf9ece2329ab8 |
Series | More fixes for building tests with clang | expand |
> On 10 Jan 2025, at 18:15, Adhemerval Zanella <adhemerval.zanella@linaro.org> wrote: > > clang-19 shows: > > scanf13.c:28:40: error: 'sscanf' may overflow; destination buffer in argument 4 has size 8, but the corresponding specifier may require size 11 [-Werror,-Wfortify-source] > 28 | "A%ms%10ms%4m[bcd]%4mcB", &sp1, &sp2, &sp3, &sp4) != 4) > | ^ > scanf13.c:94:34: error: 'sscanf' may overflow; destination buffer in argument 3 has size 8, but the corresponding specifier may require size 2049 [-Werror,-Wfortify-source] > 94 | if (sscanf (buf, "%2048ms%mc", &sp3, &sp4) != 2) > | ^ > scanf13.c:110:61: error: 'sscanf' may overflow; destination buffer in argument 4 has size 8, but the corresponding specifier may require size 1501 [-Werror,-Wfortify-source] > 110 | if (sscanf (buf, "%4mc%1500m[dr/]%548m[abc/d]%3mc", &sp1, &sp2, &sp3, &sp4) > | ^ > scanf13.c:110:67: error: 'sscanf' may overflow; destination buffer in argument 5 has size 8, but the corresponding specifier may require size 549 [-Werror,-Wfortify-source] > 110 | if (sscanf (buf, "%4mc%1500m[dr/]%548m[abc/d]%3mc", &sp1, &sp2, &sp3, &sp4) > --- > stdio-common/scanf13.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/stdio-common/scanf13.c b/stdio-common/scanf13.c > index 65b1429720..131abb33de 100644 > --- a/stdio-common/scanf13.c > +++ b/stdio-common/scanf13.c > @@ -24,6 +24,7 @@ main (void) > DIAG_PUSH_NEEDS_COMMENT_CLANG; > DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wformat-invalid-specifier"); > DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wformat-extra-args"); > + DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wfortify-source"); > if (sscanf ("A \xc3\x84-\t\t\xc3\x84-abcdefbcd\t\xc3\x84-B", > "A%ms%10ms%4m[bcd]%4mcB", &sp1, &sp2, &sp3, &sp4) != 4) > FAIL (); > @@ -91,6 +92,8 @@ main (void) > FAIL (); > free (sp2); > } > + DIAG_PUSH_NEEDS_COMMENT_CLANG; > + DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wfortify-source"); > if (sscanf (buf, "%2048ms%mc", &sp3, &sp4) != 2) > FAIL (); > else 
> @@ -131,6 +134,7 @@ main (void) > FAIL (); > free (sp4); > } > + DIAG_POP_NEEDS_COMMENT_CLANG; > if (sscanf (buf, "%mS%mC", &lsp1, &lsp2) != 2) > FAIL (); > else > @@ -150,6 +154,7 @@ main (void) > DIAG_PUSH_NEEDS_COMMENT_CLANG; > DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wformat-invalid-specifier"); > DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wformat-extra-args"); > + DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wfortify-source"); > if (sscanf (buf, "%2048mls%mlc", &lsp3, &lsp4) != 2) > FAIL (); > else > -- ok > 2.43.0 >
Am Freitag, 10. Januar 2025, 19:12:14 Mitteleuropäische Normalzeit schrieb Adhemerval Zanella: > clang-19 shows: > > scanf13.c:28:40: error: 'sscanf' may overflow; destination buffer in argument 4 has size 8, but the corresponding specifier may require size 11 [-Werror,-Wfortify-source] > 28 | "A%ms%10ms%4m[bcd]%4mcB", &sp1, &sp2, &sp3, &sp4) != 4) > | ^ > scanf13.c:94:34: error: 'sscanf' may overflow; destination buffer in argument 3 has size 8, but the corresponding specifier may require size 2049 [-Werror,-Wfortify-source] > 94 | if (sscanf (buf, "%2048ms%mc", &sp3, &sp4) != 2) > | ^ > scanf13.c:110:61: error: 'sscanf' may overflow; destination buffer in argument 4 has size 8, but the corresponding specifier may require size 1501 [-Werror,-Wfortify-source] > 110 | if (sscanf (buf, "%4mc%1500m[dr/]%548m[abc/d]%3mc", &sp1, &sp2, &sp3, &sp4) > | ^ > scanf13.c:110:67: error: 'sscanf' may overflow; destination buffer in argument 5 has size 8, but the corresponding specifier may require size 549 [-Werror,-Wfortify-source] > 110 | if (sscanf (buf, "%4mc%1500m[dr/]%548m[abc/d]%3mc", &sp1, &sp2, &sp3, &sp4) > --- Please add a brief remark on what the actual problem is (and why these warnings are bogus). [my understanding - clang does not understand the 'nm' prefix telling sscanf to allocate n+1 memory for the passed pointer to a string, and uses the pointer size instead to calculate validity. however, since the actual call goes back to the c library, it works as intended?] [[the sscanf manpage is a bit horrible w/r to %m]] > stdio-common/scanf13.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/stdio-common/scanf13.c b/stdio-common/scanf13.c > index 65b1429720..131abb33de 100644 > --- a/stdio-common/scanf13.c > +++ b/stdio-common/scanf13.c 
> @@ -24,6 +24,7 @@ main (void)
> DIAG_PUSH_NEEDS_COMMENT_CLANG;
> DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wformat-invalid-specifier");
> DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wformat-extra-args");
> + DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wfortify-source");
> if (sscanf ("A \xc3\x84-\t\t\xc3\x84-abcdefbcd\t\xc3\x84-B",
> "A%ms%10ms%4m[bcd]%4mcB", &sp1, &sp2, &sp3, &sp4) != 4)
> FAIL ();
> @@ -91,6 +92,8 @@ main (void)
> FAIL ();
> free (sp2);
> }
> + DIAG_PUSH_NEEDS_COMMENT_CLANG;
> + DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wfortify-source");
> if (sscanf (buf, "%2048ms%mc", &sp3, &sp4) != 2)
> FAIL ();
> else
> @@ -131,6 +134,7 @@ main (void)
> FAIL ();
> free (sp4);
> }
> + DIAG_POP_NEEDS_COMMENT_CLANG;
> if (sscanf (buf, "%mS%mC", &lsp1, &lsp2) != 2)
> FAIL ();
> else
> @@ -150,6 +154,7 @@ main (void)
> DIAG_PUSH_NEEDS_COMMENT_CLANG;
> DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wformat-invalid-specifier");
> DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wformat-extra-args");
> + DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wfortify-source");
> if (sscanf (buf, "%2048mls%mlc", &lsp3, &lsp4) != 2)
> FAIL ();
> else
>
On 11/01/25 10:51, Andreas K. Huettel wrote: > Am Freitag, 10. Januar 2025, 19:12:14 Mitteleuropäische Normalzeit schrieb Adhemerval Zanella: >> clang-19 shows: >> >> scanf13.c:28:40: error: 'sscanf' may overflow; destination buffer in argument 4 has size 8, but the corresponding specifier may require size 11 [-Werror,-Wfortify-source] >> 28 | "A%ms%10ms%4m[bcd]%4mcB", &sp1, &sp2, &sp3, &sp4) != 4) >> | ^ >> scanf13.c:94:34: error: 'sscanf' may overflow; destination buffer in argument 3 has size 8, but the corresponding specifier may require size 2049 [-Werror,-Wfortify-source] >> 94 | if (sscanf (buf, "%2048ms%mc", &sp3, &sp4) != 2) >> | ^ >> scanf13.c:110:61: error: 'sscanf' may overflow; destination buffer in argument 4 has size 8, but the corresponding specifier may require size 1501 [-Werror,-Wfortify-source] >> 110 | if (sscanf (buf, "%4mc%1500m[dr/]%548m[abc/d]%3mc", &sp1, &sp2, &sp3, &sp4) >> | ^ >> scanf13.c:110:67: error: 'sscanf' may overflow; destination buffer in argument 5 has size 8, but the corresponding specifier may require size 549 [-Werror,-Wfortify-source] >> 110 | if (sscanf (buf, "%4mc%1500m[dr/]%548m[abc/d]%3mc", &sp1, &sp2, &sp3, &sp4) >> --- > > Please add a brief remark on what the actual problem is (and why these warnings are bogus). > > [my understanding - clang does not understand the 'nm' prefix telling sscanf to allocate > n+1 memory for the passed pointer to a string, and uses the pointer size instead to calculate > validity. however, since the actual call goes back to the c library, it works as intended?] > > [[the sscanf manpage is a bit horrible w/r to %m]] I am trying to pinpoint exactly what is clang missing here and it seems it does have some support to handle 'm' prefix for -Wformat; but it lacks support for -Wfortify to understand that it is up to libc to allocate memory. > >> stdio-common/scanf13.c | 5 +++++ >> 1 file changed, 5 insertions(+) 
>> >> diff --git a/stdio-common/scanf13.c b/stdio-common/scanf13.c >> index 65b1429720..131abb33de 100644 >> --- a/stdio-common/scanf13.c >> +++ b/stdio-common/scanf13.c >> @@ -24,6 +24,7 @@ main (void) >> DIAG_PUSH_NEEDS_COMMENT_CLANG; >> DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wformat-invalid-specifier"); >> DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wformat-extra-args"); >> + DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wfortify-source"); >> if (sscanf ("A \xc3\x84-\t\t\xc3\x84-abcdefbcd\t\xc3\x84-B", >> "A%ms%10ms%4m[bcd]%4mcB", &sp1, &sp2, &sp3, &sp4) != 4) >> FAIL (); >> @@ -91,6 +92,8 @@ main (void) >> FAIL (); >> free (sp2); >> } >> + DIAG_PUSH_NEEDS_COMMENT_CLANG; >> + DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wfortify-source"); >> if (sscanf (buf, "%2048ms%mc", &sp3, &sp4) != 2) >> FAIL (); >> else >> @@ -131,6 +134,7 @@ main (void) >> FAIL (); >> free (sp4); >> } >> + DIAG_POP_NEEDS_COMMENT_CLANG; >> if (sscanf (buf, "%mS%mC", &lsp1, &lsp2) != 2) >> FAIL (); >> else >> @@ -150,6 +154,7 @@ main (void) >> DIAG_PUSH_NEEDS_COMMENT_CLANG; >> DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wformat-invalid-specifier"); >> DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wformat-extra-args"); >> + DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wfortify-source"); >> if (sscanf (buf, "%2048mls%mlc", &lsp3, &lsp4) != 2) >> FAIL (); >> else >> > >
diff --git a/stdio-common/scanf13.c b/stdio-common/scanf13.c
index 65b1429720..131abb33de 100644
--- a/stdio-common/scanf13.c
+++ b/stdio-common/scanf13.c
@@ -24,6 +24,7 @@ main (void)
 DIAG_PUSH_NEEDS_COMMENT_CLANG;
 DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wformat-invalid-specifier");
 DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wformat-extra-args");
+ DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wfortify-source");
 if (sscanf ("A \xc3\x84-\t\t\xc3\x84-abcdefbcd\t\xc3\x84-B",
 "A%ms%10ms%4m[bcd]%4mcB", &sp1, &sp2, &sp3, &sp4) != 4)
 FAIL ();
@@ -91,6 +92,8 @@ main (void)
 FAIL ();
 free (sp2);
 }
+ DIAG_PUSH_NEEDS_COMMENT_CLANG;
+ DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wfortify-source");
 if (sscanf (buf, "%2048ms%mc", &sp3, &sp4) != 2)
 FAIL ();
 else
@@ -131,6 +134,7 @@ main (void)
 FAIL ();
 free (sp4);
 }
+ DIAG_POP_NEEDS_COMMENT_CLANG;
 if (sscanf (buf, "%mS%mC", &lsp1, &lsp2) != 2)
 FAIL ();
 else
@@ -150,6 +154,7 @@ main (void)
 DIAG_PUSH_NEEDS_COMMENT_CLANG;
 DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wformat-invalid-specifier");
 DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wformat-extra-args");
+ DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wfortify-source");
 if (sscanf (buf, "%2048mls%mlc", &lsp3, &lsp4) != 2)
 FAIL ();
 else
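Review bot: The added `DIAG_IGNORE_NEEDS_COMMENT_CLANG (13, "-Wfortify-source");` lines in the first, second and fourth hunks record version 13, while the commit message reports the diagnostic from clang-19; if the first argument is meant to name the compiler release where the warning was confirmed, as with the GCC variant of the macro, `19` would be the value to record so that a later audit of the suppression starts from the right release. In the second and third hunks the new `DIAG_PUSH_NEEDS_COMMENT_CLANG;` and its `DIAG_POP_NEEDS_COMMENT_CLANG;` sit roughly forty lines apart in `main`, and the code between them is outside the hunks. If that stretch holds any scanf call other than the two clang flagged (old lines 94 and 110), that call loses the overflow check as well, so closing the region straight after each flagged call would keep the suppression as narrow as the false positive. The first and fourth hunks extend existing regions whose pop is not visible here, so the same scope question applies to them.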