clang: add a new warning for %n format specifier usage in printf(3) family functions

ok deraadt@
different versions tested by jca@ naddy@ sthen@

diff --git a/gnu/llvm/clang/include/clang/Basic/DiagnosticSemaKinds.td b/gnu/llvm/clang/include/clang/Basic/DiagnosticSemaKinds.td
index cd23dd3..b7aacbb 100644 (file)
--- a/gnu/llvm/clang/include/clang/Basic/DiagnosticSemaKinds.td
+++ b/gnu/llvm/clang/include/clang/Basic/DiagnosticSemaKinds.td
@@ -9104,6 +9104,9 @@ def err_os_log_argument_too_big : Error<
 def warn_os_log_format_narg : Error<
  "os_log() '%%n' format specifier is not allowed">, DefaultError;
 
+def warn_format_narg : Warning<
+  "'%%n' format specifier support is deactivated and will call abort(3)">;
+
 // Statements.
 def err_continue_not_in_loop : Error<
   "'continue' statement not in loop statement">;

diff --git a/gnu/llvm/clang/lib/Sema/SemaChecking.cpp b/gnu/llvm/clang/lib/Sema/SemaChecking.cpp
index 82a7e6b..5a23f4a 100644 (file)
--- a/gnu/llvm/clang/lib/Sema/SemaChecking.cpp
+++ b/gnu/llvm/clang/lib/Sema/SemaChecking.cpp
@@ -8083,6 +8083,15 @@ CheckPrintfHandler::HandlePrintfSpecifier(const analyze_printf::PrintfSpecifier
     return true;
   }
 
+  // %n is not allowed anywhere
+  if (CS.getKind() == ConversionSpecifier::nArg) {
+    EmitFormatDiagnostic(S.PDiag(diag::warn_format_narg),
+                         getLocationOfByte(CS.getStart()),
+                         /*IsStringLocation*/ false,
+                         getSpecifierRange(startSpecifier, specifierLen));
+    return true;
+  }
+
   // Only scalars are allowed for os_trace.
   if (FSType == Sema::FST_OSTrace &&
       (CS.getKind() == ConversionSpecifier::PArg ||

diff --git a/share/man/man1/clang-local.1 b/share/man/man1/clang-local.1
index 4734525..8a03b4e 100644 (file)
--- a/share/man/man1/clang-local.1
+++ b/share/man/man1/clang-local.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: clang-local.1,v 1.21 2020/10/12 16:41:03 deraadt Exp $
+.\" $OpenBSD: clang-local.1,v 1.22 2021/09/07 17:39:49 semarie Exp $
 .\"
 .\" Copyright (c) 2016 Pascal Stumpf <pascal@stumpf.co>
 .\"
@@ -15,7 +15,7 @@
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
 .\"
-.Dd $Mdocdate: October 12 2020 $
+.Dd $Mdocdate: September 7 2021 $
 .Dt CLANG-LOCAL 1
 .Os
 .Sh NAME
@@ -127,6 +127,12 @@ has
 enabled by default on amd64 to protect against branch target injection attacks.
 It can be disabled with
 .Fl mno-retpoline .
+.It
+A new warning for
+.Cm %n
+format specifier usage in
+.Xr printf 3
+family functions has been added.
 .El
 .Sh SEE ALSO
 .Xr clang 1