2 * This file is part of cparser.
3 * Copyright (C) 2007-2009 Matthias Braun <matze@braunis.de>
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License
7 * as published by the Free Software Foundation; either version 2
8 * of the License, or (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
25 #include "format_check.h"
29 #include "diagnostic.h"
34 #include "lang_features.h"
36 typedef enum format_flag_t {
38 FMT_FLAG_HASH = 1U << 0,
39 FMT_FLAG_ZERO = 1U << 1,
40 FMT_FLAG_MINUS = 1U << 2,
41 FMT_FLAG_SPACE = 1U << 3,
42 FMT_FLAG_PLUS = 1U << 4,
43 FMT_FLAG_TICK = 1U << 5
46 typedef unsigned format_flags_t;
48 typedef enum format_length_modifier_t {
59 /* only in microsoft mode */
64 } format_length_modifier_t;
66 typedef struct format_spec_t {
67 const char *name; /**< name of the function */
68 format_kind_t fmt_kind; /**< kind */
69 unsigned fmt_idx; /**< index of the format string */
70 unsigned arg_idx; /**< index of the first argument */
73 static const char* get_length_modifier_name(const format_length_modifier_t mod)
75 static const char* const names[] = {
86 /* only in microsoft mode */
89 [FMT_MOD_I32] = "I32",
92 assert((size_t)mod < lengthof(names));
96 static void warn_invalid_length_modifier(const source_position_t *pos,
97 const format_length_modifier_t mod,
98 const utf32 conversion)
100 char const *const lmod = get_length_modifier_name(mod);
101 warningf(WARN_FORMAT, pos, "invalid length modifier '%s' for conversion specifier '%%%c'", lmod, conversion);
105 * Check printf-style format. Returns number of expected arguments.
107 static int internal_check_printf_format(const expression_t *fmt_expr,
108 const call_argument_t *arg,
109 const format_spec_t *spec)
111 while (fmt_expr->kind == EXPR_UNARY_CAST) {
112 fmt_expr = fmt_expr->unary.value;
116 * gettext results in expressions like (X ? "format_string" : Y)
117 * we assume the left part is the format string
119 if (fmt_expr->kind == EXPR_CONDITIONAL) {
120 conditional_expression_t const *const c = &fmt_expr->conditional;
121 expression_t const * t = c->true_expression;
124 int const nt = internal_check_printf_format(t, arg, spec);
125 int const nf = internal_check_printf_format(c->false_expression, arg, spec);
126 return nt > nf ? nt : nf;
129 if (fmt_expr->kind != EXPR_STRING_LITERAL
130 && fmt_expr->kind != EXPR_WIDE_STRING_LITERAL)
133 const char *string = fmt_expr->literal.value.begin;
134 size_t size = fmt_expr->literal.value.size;
135 const char *c = string;
137 const source_position_t *pos = &fmt_expr->base.source_position;
138 unsigned num_fmt = 0;
139 unsigned num_args = 0;
141 for (fmt = *c; fmt != '\0'; fmt = *(++c)) {
147 warningf(WARN_FORMAT, pos, "dangling %% in format string");
156 format_flags_t fmt_flags = FMT_FLAG_NONE;
159 fmt_flags |= FMT_FLAG_ZERO;
162 /* argument selector or minimum field width */
166 } while (isdigit(fmt));
168 /* digit string was ... */
170 /* ... argument selector */
171 fmt_flags = FMT_FLAG_NONE; /* reset possibly set 0-flag */
175 /* ... minimum field width */
181 case '#': flag = FMT_FLAG_HASH; break;
182 case '0': flag = FMT_FLAG_ZERO; break;
183 case '-': flag = FMT_FLAG_MINUS; break;
184 case '\'': flag = FMT_FLAG_TICK; break;
187 if (fmt_flags & FMT_FLAG_PLUS) {
188 warningf(WARN_FORMAT, pos, "' ' is overridden by prior '+' in conversion specification %u", num_fmt);
190 flag = FMT_FLAG_SPACE;
194 if (fmt_flags & FMT_FLAG_SPACE) {
195 warningf(WARN_FORMAT, pos, "'+' overrides prior ' ' in conversion specification %u", num_fmt);
197 flag = FMT_FLAG_PLUS;
200 default: goto break_fmt_flags;
202 if (fmt_flags & flag) {
203 warningf(WARN_FORMAT, pos, "repeated flag '%c' in conversion specification %u", (char)fmt, num_fmt);
210 /* minimum field width */
215 warningf(WARN_FORMAT, pos, "missing argument for '*' field width in conversion specification %u", num_fmt);
218 const type_t *const arg_type = arg->expression->base.type;
219 if (arg_type != type_int) {
220 warningf(WARN_FORMAT, pos, "argument for '*' field width in conversion specification %u is not an 'int', but an '%T'", num_fmt, arg_type);
224 while (isdigit(fmt)) {
232 if (fmt_flags & FMT_FLAG_ZERO) {
233 warningf(WARN_FORMAT, pos, "'0' flag ignored with precision in conversion specification %u", num_fmt);
241 warningf(WARN_FORMAT, pos, "missing argument for '*' precision in conversion specification %u", num_fmt);
244 const type_t *const arg_type = arg->expression->base.type;
245 if (arg_type != type_int) {
246 warningf(WARN_FORMAT, pos, "argument for '*' precision in conversion specification %u is not an 'int', but an '%T'", num_fmt, arg_type);
250 /* digit string may be omitted */
251 while (isdigit(fmt)) {
257 /* length modifier */
258 format_length_modifier_t fmt_mod;
264 fmt_mod = FMT_MOD_hh;
274 fmt_mod = FMT_MOD_ll;
280 case 'L': fmt = *(++c); fmt_mod = FMT_MOD_L; break;
281 case 'j': fmt = *(++c); fmt_mod = FMT_MOD_j; break;
282 case 't': fmt = *(++c); fmt_mod = FMT_MOD_t; break;
283 case 'z': fmt = *(++c); fmt_mod = FMT_MOD_z; break;
284 case 'q': fmt = *(++c); fmt_mod = FMT_MOD_q; break;
288 fmt = *(++c); fmt_mod = FMT_MOD_w;
290 fmt_mod = FMT_MOD_NONE;
295 fmt = *(++c); fmt_mod = FMT_MOD_I;
300 fmt_mod = FMT_MOD_I32;
305 } else if (fmt == '6') {
309 fmt_mod = FMT_MOD_I64;
316 fmt_mod = FMT_MOD_NONE;
320 fmt_mod = FMT_MOD_NONE;
325 type_t *expected_type;
326 type_qualifiers_t expected_qual = TYPE_QUALIFIER_NONE;
327 format_flags_t allowed_flags;
332 case FMT_MOD_NONE: expected_type = type_int; break;
333 case FMT_MOD_hh: expected_type = type_signed_char; break;
334 case FMT_MOD_h: expected_type = type_short; break;
335 case FMT_MOD_l: expected_type = type_long; break;
336 case FMT_MOD_ll: expected_type = type_long_long; break;
337 case FMT_MOD_j: expected_type = type_intmax_t; break;
338 case FMT_MOD_z: expected_type = type_ssize_t; break;
339 case FMT_MOD_t: expected_type = type_ptrdiff_t; break;
340 case FMT_MOD_I: expected_type = type_ptrdiff_t; break;
341 case FMT_MOD_I32: expected_type = type_int32; break;
342 case FMT_MOD_I64: expected_type = type_int64; break;
345 warn_invalid_length_modifier(pos, fmt_mod, fmt);
348 allowed_flags = FMT_FLAG_MINUS | FMT_FLAG_SPACE | FMT_FLAG_PLUS | FMT_FLAG_ZERO;
354 allowed_flags = FMT_FLAG_MINUS | FMT_FLAG_HASH | FMT_FLAG_ZERO;
355 goto eval_fmt_mod_unsigned;
358 allowed_flags = FMT_FLAG_MINUS | FMT_FLAG_ZERO;
359 eval_fmt_mod_unsigned:
361 case FMT_MOD_NONE: expected_type = type_unsigned_int; break;
362 case FMT_MOD_hh: expected_type = type_unsigned_char; break;
363 case FMT_MOD_h: expected_type = type_unsigned_short; break;
364 case FMT_MOD_l: expected_type = type_unsigned_long; break;
365 case FMT_MOD_ll: expected_type = type_unsigned_long_long; break;
366 case FMT_MOD_j: expected_type = type_uintmax_t; break;
367 case FMT_MOD_z: expected_type = type_size_t; break;
368 case FMT_MOD_t: expected_type = type_uptrdiff_t; break;
369 case FMT_MOD_I: expected_type = type_size_t; break;
370 case FMT_MOD_I32: expected_type = type_unsigned_int32; break;
371 case FMT_MOD_I64: expected_type = type_unsigned_int64; break;
374 warn_invalid_length_modifier(pos, fmt_mod, fmt);
388 case FMT_MOD_l: /* l modifier is ignored */
389 case FMT_MOD_NONE: expected_type = type_double; break;
390 case FMT_MOD_L: expected_type = type_long_double; break;
393 warn_invalid_length_modifier(pos, fmt_mod, fmt);
396 allowed_flags = FMT_FLAG_MINUS | FMT_FLAG_SPACE | FMT_FLAG_PLUS | FMT_FLAG_HASH | FMT_FLAG_ZERO;
400 if (fmt_mod != FMT_MOD_NONE) {
401 warn_invalid_length_modifier(pos, fmt_mod, fmt);
404 expected_type = type_wchar_t;
405 allowed_flags = FMT_FLAG_NONE;
409 expected_type = type_int;
411 case FMT_MOD_NONE: expected_type = type_int; break; /* TODO promoted char */
412 case FMT_MOD_l: expected_type = type_wint_t; break;
413 case FMT_MOD_w: expected_type = type_wchar_t; break;
416 warn_invalid_length_modifier(pos, fmt_mod, fmt);
419 allowed_flags = FMT_FLAG_NONE;
423 if (fmt_mod != FMT_MOD_NONE) {
424 warn_invalid_length_modifier(pos, fmt_mod, fmt);
427 expected_type = type_wchar_t_ptr;
428 expected_qual = TYPE_QUALIFIER_CONST;
429 allowed_flags = FMT_FLAG_MINUS;
434 case FMT_MOD_NONE: expected_type = type_char_ptr; break;
435 case FMT_MOD_l: expected_type = type_wchar_t_ptr; break;
436 case FMT_MOD_w: expected_type = type_wchar_t_ptr; break;
439 warn_invalid_length_modifier(pos, fmt_mod, fmt);
442 expected_qual = TYPE_QUALIFIER_CONST;
443 allowed_flags = FMT_FLAG_MINUS;
447 if (fmt_mod != FMT_MOD_NONE) {
448 warn_invalid_length_modifier(pos, fmt_mod, fmt);
451 expected_type = type_void_ptr;
452 allowed_flags = FMT_FLAG_NONE;
457 case FMT_MOD_NONE: expected_type = type_int_ptr; break;
458 case FMT_MOD_hh: expected_type = type_signed_char_ptr; break;
459 case FMT_MOD_h: expected_type = type_short_ptr; break;
460 case FMT_MOD_l: expected_type = type_long_ptr; break;
461 case FMT_MOD_ll: expected_type = type_long_long_ptr; break;
462 case FMT_MOD_j: expected_type = type_intmax_t_ptr; break;
463 case FMT_MOD_z: expected_type = type_ssize_t_ptr; break;
464 case FMT_MOD_t: expected_type = type_ptrdiff_t_ptr; break;
467 warn_invalid_length_modifier(pos, fmt_mod, fmt);
470 allowed_flags = FMT_FLAG_NONE;
474 warningf(WARN_FORMAT, pos, "encountered unknown conversion specifier '%%%c' at position %u", fmt, num_fmt);
481 format_flags_t wrong_flags = fmt_flags & ~allowed_flags;
482 if (wrong_flags != 0) {
485 if (wrong_flags & FMT_FLAG_HASH) *p++ = '#';
486 if (wrong_flags & FMT_FLAG_ZERO) *p++ = '0';
487 if (wrong_flags & FMT_FLAG_MINUS) *p++ = '-';
488 if (wrong_flags & FMT_FLAG_SPACE) *p++ = ' ';
489 if (wrong_flags & FMT_FLAG_PLUS) *p++ = '+';
490 if (wrong_flags & FMT_FLAG_TICK) *p++ = '\'';
493 warningf(WARN_FORMAT, pos, "invalid format flags \"%s\" in conversion specification %%%c at position %u", wrong, fmt, num_fmt);
498 warningf(WARN_FORMAT, pos, "too few arguments for format string");
502 { /* create a scope here to prevent warning about the jump to next_arg */
503 type_t *const arg_type = arg->expression->base.type;
504 type_t *const arg_skip = skip_typeref(arg_type);
505 type_t *const expected_type_skip = skip_typeref(expected_type);
508 /* allow any pointer type for %p, not just void */
509 if (is_type_pointer(arg_skip))
513 if (is_type_pointer(expected_type_skip)) {
514 if (is_type_pointer(arg_skip)) {
515 type_t *const exp_to = skip_typeref(expected_type_skip->pointer.points_to);
516 type_t *const arg_to = skip_typeref(arg_skip->pointer.points_to);
517 if ((arg_to->base.qualifiers & ~expected_qual) == 0 &&
518 get_unqualified_type(arg_to) == exp_to) {
522 } else if (get_unqualified_type(arg_skip) == expected_type_skip) {
524 } else if (arg->expression->kind == EXPR_UNARY_CAST) {
525 expression_t const *const expr = arg->expression->unary.value;
526 type_t *const unprom_type = skip_typeref(expr->base.type);
527 if (get_unqualified_type(unprom_type) == expected_type_skip) {
530 if (expected_type_skip == type_unsigned_int && !is_type_signed(unprom_type)) {
534 if (is_type_valid(arg_skip)) {
535 source_position_t const *const apos = &arg->expression->base.source_position;
536 char const *const mod = get_length_modifier_name(fmt_mod);
537 warningf(WARN_FORMAT, apos, "argument type '%T' does not match conversion specifier '%%%s%c' at position %u", arg_type, mod, (char)fmt, num_fmt);
544 if (c+1 < string + size) {
545 warningf(WARN_FORMAT, pos, "format string contains '\\0'");
551 * Check printf-style format.
553 static void check_printf_format(call_argument_t const *arg,
554 format_spec_t const *const spec)
556 /* find format arg */
558 for (; idx < spec->fmt_idx; ++idx) {
564 expression_t const *const fmt_expr = arg->expression;
566 /* find the real args */
567 for (; idx < spec->arg_idx && arg != NULL; ++idx)
570 int const num_fmt = internal_check_printf_format(fmt_expr, arg, spec);
575 for (; arg != NULL; arg = arg->next)
577 if (num_args > (size_t)num_fmt) {
578 source_position_t const *const pos = &fmt_expr->base.source_position;
579 warningf(WARN_FORMAT, pos, "%u argument%s but only %u format specifier%s", num_args, num_args != 1 ? "s" : "", num_fmt, num_fmt != 1 ? "s" : "");
584 * Check scanf-style format.
586 static void check_scanf_format(const call_argument_t *arg,
587 const format_spec_t *spec)
589 /* find format arg */
591 for (; idx < spec->fmt_idx; ++idx) {
597 const expression_t *fmt_expr = arg->expression;
598 if (fmt_expr->kind == EXPR_UNARY_CAST) {
599 fmt_expr = fmt_expr->unary.value;
602 if (fmt_expr->kind != EXPR_STRING_LITERAL
603 && fmt_expr->kind != EXPR_WIDE_STRING_LITERAL)
606 const char *string = fmt_expr->literal.value.begin;
607 size_t size = fmt_expr->literal.value.size;
608 const char *c = string;
610 /* find the real args */
611 for (; idx < spec->arg_idx && arg != NULL; ++idx)
614 const source_position_t *pos = &fmt_expr->base.source_position;
615 unsigned num_fmt = 0;
617 for (fmt = *c; fmt != '\0'; fmt = *(++c)) {
626 bool suppress_assignment = false;
629 suppress_assignment = true;
633 if ('0' <= fmt && fmt <= '9') {
635 width = width * 10 + (fmt - '0');
637 } while ('0' <= fmt && fmt <= '9');
639 warningf(WARN_FORMAT, pos, "field width is zero at format %u", num_fmt);
643 /* look for length modifiers */
644 format_length_modifier_t fmt_mod = FMT_MOD_NONE;
650 fmt_mod = FMT_MOD_hh;
660 fmt_mod = FMT_MOD_ll;
666 case 'L': fmt = *(++c); fmt_mod = FMT_MOD_L; break;
667 case 'j': fmt = *(++c); fmt_mod = FMT_MOD_j; break;
668 case 't': fmt = *(++c); fmt_mod = FMT_MOD_t; break;
669 case 'z': fmt = *(++c); fmt_mod = FMT_MOD_z; break;
685 fmt_mod = FMT_MOD_I32;
690 } else if (fmt == '6') {
694 fmt_mod = FMT_MOD_I64;
705 warningf(WARN_FORMAT, pos, "dangling %% with conversion specififer in format string");
709 type_t *expected_type;
714 case FMT_MOD_NONE: expected_type = type_int; break;
715 case FMT_MOD_hh: expected_type = type_signed_char; break;
716 case FMT_MOD_h: expected_type = type_short; break;
717 case FMT_MOD_l: expected_type = type_long; break;
718 case FMT_MOD_ll: expected_type = type_long_long; break;
719 case FMT_MOD_j: expected_type = type_intmax_t; break;
720 case FMT_MOD_z: expected_type = type_ssize_t; break;
721 case FMT_MOD_t: expected_type = type_ptrdiff_t; break;
722 case FMT_MOD_I: expected_type = type_ptrdiff_t; break;
723 case FMT_MOD_I32: expected_type = type_int32; break;
724 case FMT_MOD_I64: expected_type = type_int64; break;
727 warn_invalid_length_modifier(pos, fmt_mod, fmt);
737 case FMT_MOD_NONE: expected_type = type_unsigned_int; break;
738 case FMT_MOD_hh: expected_type = type_unsigned_char; break;
739 case FMT_MOD_h: expected_type = type_unsigned_short; break;
740 case FMT_MOD_l: expected_type = type_unsigned_long; break;
741 case FMT_MOD_ll: expected_type = type_unsigned_long_long; break;
742 case FMT_MOD_j: expected_type = type_uintmax_t; break;
743 case FMT_MOD_z: expected_type = type_size_t; break;
744 case FMT_MOD_t: expected_type = type_uptrdiff_t; break;
745 case FMT_MOD_I: expected_type = type_size_t; break;
746 case FMT_MOD_I32: expected_type = type_unsigned_int32; break;
747 case FMT_MOD_I64: expected_type = type_unsigned_int64; break;
750 warn_invalid_length_modifier(pos, fmt_mod, fmt);
764 case FMT_MOD_l: expected_type = type_double; break;
765 case FMT_MOD_NONE: expected_type = type_float; break;
766 case FMT_MOD_L: expected_type = type_long_double; break;
769 warn_invalid_length_modifier(pos, fmt_mod, fmt);
775 if (fmt_mod != FMT_MOD_NONE) {
776 warn_invalid_length_modifier(pos, fmt_mod, fmt);
779 expected_type = type_wchar_t;
784 case FMT_MOD_NONE: expected_type = type_char; break;
785 case FMT_MOD_l: expected_type = type_wchar_t; break;
786 case FMT_MOD_w: expected_type = type_wchar_t; break;
789 warn_invalid_length_modifier(pos, fmt_mod, fmt);
796 if (!suppress_assignment && arg != NULL) {
797 type_t *const type = skip_typeref(revert_automatic_type_conversion(arg->expression));
798 if (is_type_array(type) &&
799 type->array.size_constant &&
800 width > type->array.size) {
801 warningf(WARN_FORMAT, pos, "target buffer '%T' is too small for %u characters at format %u", type, width, num_fmt);
808 if (fmt_mod != FMT_MOD_NONE) {
809 warn_invalid_length_modifier(pos, fmt_mod, fmt);
812 expected_type = type_wchar_t;
818 case FMT_MOD_NONE: expected_type = type_char; break;
819 case FMT_MOD_l: expected_type = type_wchar_t; break;
820 case FMT_MOD_w: expected_type = type_wchar_t; break;
823 warn_invalid_length_modifier(pos, fmt_mod, fmt);
827 if (!suppress_assignment &&
830 type_t *const type = skip_typeref(revert_automatic_type_conversion(arg->expression));
831 if (is_type_array(type) &&
832 type->array.size_constant &&
833 width >= type->array.size) {
834 warningf(WARN_FORMAT, pos, "target buffer '%T' is too small for %u characters and \\0 at format %u", type, width, num_fmt);
841 if (fmt_mod != FMT_MOD_NONE) {
842 warn_invalid_length_modifier(pos, fmt_mod, fmt);
845 expected_type = type_void_ptr;
849 if (suppress_assignment) {
850 warningf(WARN_FORMAT, pos, "conversion '%n' cannot be suppressed with '*' at format %u", num_fmt);
854 case FMT_MOD_NONE: expected_type = type_int; break;
855 case FMT_MOD_hh: expected_type = type_signed_char; break;
856 case FMT_MOD_h: expected_type = type_short; break;
857 case FMT_MOD_l: expected_type = type_long; break;
858 case FMT_MOD_ll: expected_type = type_long_long; break;
859 case FMT_MOD_j: expected_type = type_intmax_t; break;
860 case FMT_MOD_z: expected_type = type_ssize_t; break;
861 case FMT_MOD_t: expected_type = type_ptrdiff_t; break;
864 warn_invalid_length_modifier(pos, fmt_mod, fmt);
871 warningf(WARN_FORMAT, pos, "encountered unknown conversion specifier '%%%c' at format %u", fmt, num_fmt);
872 if (suppress_assignment)
879 if (suppress_assignment)
884 warningf(WARN_FORMAT, pos, "too few arguments for format string");
888 { /* create a scope here to prevent warning about the jump to next_arg */
889 type_t *const arg_type = arg->expression->base.type;
890 type_t *const arg_skip = skip_typeref(arg_type);
891 type_t *const expected_type_skip = skip_typeref(expected_type);
893 if (! is_type_pointer(arg_skip))
895 type_t *const ptr_skip = skip_typeref(arg_skip->pointer.points_to);
898 /* allow any pointer type for %p, not just void */
899 if (is_type_pointer(ptr_skip))
903 /* do NOT allow const or restrict, all other should be ok */
904 if (ptr_skip->base.qualifiers & (TYPE_QUALIFIER_CONST | TYPE_QUALIFIER_VOLATILE))
906 type_t *const unqual_ptr = get_unqualified_type(ptr_skip);
907 if (unqual_ptr == expected_type_skip) {
909 } else if (expected_type_skip == type_char) {
910 /* char matches with unsigned char AND signed char */
911 if (unqual_ptr == type_signed_char || unqual_ptr == type_unsigned_char)
915 if (is_type_valid(arg_skip)) {
916 source_position_t const *const apos = &arg->expression->base.source_position;
917 char const *const mod = get_length_modifier_name(fmt_mod);
918 warningf(WARN_FORMAT, apos, "argument type '%T' does not match conversion specifier '%%%s%c' at position %u", arg_type, mod, (char)fmt, num_fmt);
925 if (c+1 < string + size) {
926 warningf(WARN_FORMAT, pos, "format string contains '\\0'");
929 unsigned num_args = num_fmt;
930 while (arg != NULL) {
934 warningf(WARN_FORMAT, pos, "%u argument%s but only %u format specifier%s", num_args, num_args != 1 ? "s" : "", num_fmt, num_fmt != 1 ? "s" : "");
938 static const format_spec_t builtin_table[] = {
939 { "printf", FORMAT_PRINTF, 0, 1 },
940 { "wprintf", FORMAT_PRINTF, 0, 1 },
941 { "sprintf", FORMAT_PRINTF, 1, 2 },
942 { "swprintf", FORMAT_PRINTF, 1, 2 },
943 { "snprintf", FORMAT_PRINTF, 2, 3 },
944 { "snwprintf", FORMAT_PRINTF, 2, 3 },
945 { "fprintf", FORMAT_PRINTF, 1, 2 },
946 { "fwprintf", FORMAT_PRINTF, 1, 2 },
947 { "snwprintf", FORMAT_PRINTF, 2, 3 },
948 { "snwprintf", FORMAT_PRINTF, 2, 3 },
950 { "scanf", FORMAT_SCANF, 0, 1 },
951 { "wscanf", FORMAT_SCANF, 0, 1 },
952 { "sscanf", FORMAT_SCANF, 1, 2 },
953 { "swscanf", FORMAT_SCANF, 1, 2 },
954 { "fscanf", FORMAT_SCANF, 1, 2 },
955 { "fwscanf", FORMAT_SCANF, 1, 2 },
957 { "strftime", FORMAT_STRFTIME, 3, 4 },
958 { "wcstrftime", FORMAT_STRFTIME, 3, 4 },
960 { "strfmon", FORMAT_STRFMON, 3, 4 },
963 { "_snprintf", FORMAT_PRINTF, 2, 3 },
964 { "_snwprintf", FORMAT_PRINTF, 2, 3 },
965 { "_scrintf", FORMAT_PRINTF, 0, 1 },
966 { "_scwprintf", FORMAT_PRINTF, 0, 1 },
967 { "printf_s", FORMAT_PRINTF, 0, 1 },
968 { "wprintf_s", FORMAT_PRINTF, 0, 1 },
969 { "sprintf_s", FORMAT_PRINTF, 3, 4 },
970 { "swprintf_s", FORMAT_PRINTF, 3, 4 },
971 { "fprintf_s", FORMAT_PRINTF, 1, 2 },
972 { "fwprintf_s", FORMAT_PRINTF, 1, 2 },
973 { "_sprintf_l", FORMAT_PRINTF, 1, 3 },
974 { "_swprintf_l", FORMAT_PRINTF, 1, 3 },
975 { "_printf_l", FORMAT_PRINTF, 0, 2 },
976 { "_wprintf_l", FORMAT_PRINTF, 0, 2 },
977 { "_fprintf_l", FORMAT_PRINTF, 1, 3 },
978 { "_fwprintf_l", FORMAT_PRINTF, 1, 3 },
979 { "_printf_s_l", FORMAT_PRINTF, 0, 2 },
980 { "_wprintf_s_l", FORMAT_PRINTF, 0, 2 },
981 { "_sprintf_s_l", FORMAT_PRINTF, 3, 5 },
982 { "_swprintf_s_l", FORMAT_PRINTF, 3, 5 },
983 { "_fprintf_s_l", FORMAT_PRINTF, 1, 3 },
984 { "_fwprintf_s_l", FORMAT_PRINTF, 1, 3 },
987 void check_format(const call_expression_t *const call)
989 if (!is_warn_on(WARN_FORMAT))
992 const expression_t *const func_expr = call->function;
993 if (func_expr->kind != EXPR_REFERENCE)
996 const entity_t *const entity = func_expr->reference.entity;
997 const call_argument_t * arg = call->arguments;
1000 * For some functions we always check the format, even if it was not
1001 * specified. This allows to check format even in MS mode or without
1004 const char *const name = entity->base.symbol->string;
1005 for (size_t i = 0; i < lengthof(builtin_table); ++i) {
1006 if (strcmp(name, builtin_table[i].name) == 0) {
1007 switch (builtin_table[i].fmt_kind) {
1009 check_printf_format(arg, &builtin_table[i]);
1012 check_scanf_format(arg, &builtin_table[i]);
1014 case FORMAT_STRFTIME:
1015 case FORMAT_STRFMON:
1016 /* TODO: implement other cases */