+next_arg:
+ arg = arg->next;
+ }
+ if (!atend(&vchar)) {
+ warningf(pos, "format string contains '\\0'");
+ }
+ if (arg != NULL) {
+ unsigned num_args = num_fmt;
+ while (arg != NULL) {
+ ++num_args;
+ arg = arg->next;
+ }
+ warningf(pos, "%u argument%s but only %u format specifier%s",
+ num_args, num_args != 1 ? "s" : "",
+ num_fmt, num_fmt != 1 ? "s" : "");
+ }
+}
+
+/**
+ * Check scanf-style format.
+ */
+static void check_scanf_format(const call_argument_t *arg, const format_spec_t *spec)
+{
+ /* find format arg */
+ unsigned idx = 0;
+ for (; idx < spec->fmt_idx; ++idx) {
+ if (arg == NULL)
+ return;
+ arg = arg->next;
+ }
+
+ const expression_t *fmt_expr = arg->expression;
+ if (fmt_expr->kind == EXPR_UNARY_CAST_IMPLICIT) {
+ fmt_expr = fmt_expr->unary.value;
+ }
+
+ vchar_t vchar;
+ if (fmt_expr->kind == EXPR_WIDE_STRING_LITERAL) {
+ vchar.string = &fmt_expr->wide_string.value;
+ vchar.size = fmt_expr->wide_string.value.size;
+ vchar.first = wstring_first;
+ vchar.next = wstring_next;
+ vchar.is_digit = wstring_isdigit;
+ } else if (fmt_expr->kind == EXPR_STRING_LITERAL) {
+ vchar.string = &fmt_expr->string.value;
+ vchar.size = fmt_expr->string.value.size;
+ vchar.first = string_first;
+ vchar.next = string_next;
+ vchar.is_digit = string_isdigit;
+ } else {
+ return;
+ }
+ /* find the real args */
+ for (; idx < spec->arg_idx && arg != NULL; ++idx)
+ arg = arg->next;
+
+ const source_position_t *pos = &fmt_expr->base.source_position;
+ unsigned fmt = vchar.first(&vchar);
+ unsigned num_fmt = 0;
+ for (; fmt != '\0'; fmt = vchar.next(&vchar)) {
+ if (fmt != '%')
+ continue;
+ fmt = vchar.next(&vchar);
+
+ if (fmt == '%')
+ continue;
+
+ ++num_fmt;
+
+ /* length modifier */
+ format_length_modifier_t fmt_mod;
+ switch (fmt) {
+ case 'h':
+ fmt = vchar.next(&vchar);
+ if (fmt == 'h') {
+ fmt = vchar.next(&vchar);
+ fmt_mod = FMT_MOD_hh;
+ } else {
+ fmt_mod = FMT_MOD_h;
+ }
+ break;
+
+ case 'l':
+ fmt = vchar.next(&vchar);
+ if (fmt == 'l') {
+ fmt = vchar.next(&vchar);
+ fmt_mod = FMT_MOD_ll;
+ } else {
+ fmt_mod = FMT_MOD_l;
+ }
+ break;
+
+ case 'L': fmt = vchar.next(&vchar); fmt_mod = FMT_MOD_L; break;
+ case 'j': fmt = vchar.next(&vchar); fmt_mod = FMT_MOD_j; break;
+ case 't': fmt = vchar.next(&vchar); fmt_mod = FMT_MOD_t; break;
+ case 'z': fmt = vchar.next(&vchar); fmt_mod = FMT_MOD_z; break;
+ /* microsoft mode */
+ case 'w':
+ if (c_mode & _MS) {
+ fmt = vchar.next(&vchar); fmt_mod = FMT_MOD_w;
+ } else {
+ fmt_mod = FMT_MOD_NONE;
+ }
+ break;
+ case 'I':
+ if (c_mode & _MS) {
+ fmt = vchar.next(&vchar); fmt_mod = FMT_MOD_I;
+ if (fmt == '3') {
+ fmt = vchar.next(&vchar);
+ if (fmt == '2') {
+ fmt = vchar.next(&vchar);
+ fmt_mod = FMT_MOD_I32;
+ } else {
+ /* rewind */
+ --vchar.position;
+ }
+ } else if (fmt == '6') {
+ fmt = vchar.next(&vchar);
+ if (fmt == '4') {
+ fmt = vchar.next(&vchar);
+ fmt_mod = FMT_MOD_I64;
+ } else {
+ /* rewind */
+ --vchar.position;
+ }
+ }
+ } else {
+ fmt_mod = FMT_MOD_NONE;
+ }
+ break;
+ default:
+ fmt_mod = FMT_MOD_NONE;
+ break;
+ }
+
+ if (fmt == '\0') {
+ warningf(pos, "dangling %% in format string");
+ break;
+ }
+
+ type_t *expected_type;
+ switch (fmt) {
+ case 'd':
+ case 'i':
+ switch (fmt_mod) {
+ case FMT_MOD_NONE: expected_type = type_int; break;
+ case FMT_MOD_hh: expected_type = type_signed_char; break;
+ case FMT_MOD_h: expected_type = type_short; break;
+ case FMT_MOD_l: expected_type = type_long; break;
+ case FMT_MOD_ll: expected_type = type_long_long; break;
+ case FMT_MOD_j: expected_type = type_intmax_t; break;
+ case FMT_MOD_z: expected_type = type_ssize_t; break;
+ case FMT_MOD_t: expected_type = type_ptrdiff_t; break;
+ case FMT_MOD_I: expected_type = type_ptrdiff_t; break;
+ case FMT_MOD_I32: expected_type = type_int32; break;
+ case FMT_MOD_I64: expected_type = type_int64; break;
+
+ default:
+ warn_invalid_length_modifier(pos, fmt_mod, fmt);
+ goto next_arg;
+ }
+ break;
+
+ case 'o':
+ case 'X':
+ case 'x':
+ goto eval_fmt_mod_unsigned;
+
+ case 'u':
+eval_fmt_mod_unsigned:
+ switch (fmt_mod) {
+ case FMT_MOD_NONE: expected_type = type_unsigned_int; break;
+ case FMT_MOD_hh: expected_type = type_unsigned_char; break;
+ case FMT_MOD_h: expected_type = type_unsigned_short; break;
+ case FMT_MOD_l: expected_type = type_unsigned_long; break;
+ case FMT_MOD_ll: expected_type = type_unsigned_long_long; break;
+ case FMT_MOD_j: expected_type = type_uintmax_t; break;
+ case FMT_MOD_z: expected_type = type_size_t; break;
+ case FMT_MOD_t: expected_type = type_uptrdiff_t; break;
+ case FMT_MOD_I: expected_type = type_size_t; break;
+ case FMT_MOD_I32: expected_type = type_unsigned_int32; break;
+ case FMT_MOD_I64: expected_type = type_unsigned_int64; break;
+
+ default:
+ warn_invalid_length_modifier(pos, fmt_mod, fmt);
+ goto next_arg;
+ }
+ break;
+
+ case 'A':
+ case 'a':
+ case 'E':
+ case 'e':
+ case 'F':
+ case 'f':
+ case 'G':
+ case 'g':
+ switch (fmt_mod) {
+ case FMT_MOD_l: /* l modifier is ignored */
+ case FMT_MOD_NONE: expected_type = type_double; break;
+ case FMT_MOD_L: expected_type = type_long_double; break;
+
+ default:
+ warn_invalid_length_modifier(pos, fmt_mod, fmt);
+ goto next_arg;
+ }
+ break;
+
+ case 'C':
+ if (fmt_mod != FMT_MOD_NONE) {
+ warn_invalid_length_modifier(pos, fmt_mod, fmt);
+ goto next_arg;
+ }
+ expected_type = type_wchar_t;
+ break;
+
+ case 'c':
+ expected_type = type_int;
+ switch (fmt_mod) {
+ case FMT_MOD_NONE: expected_type = type_int; break; /* TODO promoted char */
+ case FMT_MOD_l: expected_type = type_wint_t; break;
+ case FMT_MOD_w: expected_type = type_wchar_t; break;
+
+ default:
+ warn_invalid_length_modifier(pos, fmt_mod, fmt);
+ goto next_arg;
+ }
+ break;
+
+ case 'S':
+ if (fmt_mod != FMT_MOD_NONE) {
+ warn_invalid_length_modifier(pos, fmt_mod, fmt);
+ goto next_arg;
+ }
+ expected_type = type_wchar_t;
+ break;
+
+ case 's':
+ case '[':
+ switch (fmt_mod) {
+ case FMT_MOD_NONE: expected_type = type_char; break;
+ case FMT_MOD_l: expected_type = type_wchar_t; break;
+ case FMT_MOD_w: expected_type = type_wchar_t; break;
+
+ default:
+ warn_invalid_length_modifier(pos, fmt_mod, fmt);
+ goto next_arg;
+ }
+ break;
+
+ case 'p':
+ if (fmt_mod != FMT_MOD_NONE) {
+ warn_invalid_length_modifier(pos, fmt_mod, fmt);
+ goto next_arg;
+ }
+ expected_type = type_void_ptr;
+ break;
+
+ case 'n':
+ switch (fmt_mod) {
+ case FMT_MOD_NONE: expected_type = type_int; break;
+ case FMT_MOD_hh: expected_type = type_signed_char; break;
+ case FMT_MOD_h: expected_type = type_short; break;
+ case FMT_MOD_l: expected_type = type_long; break;
+ case FMT_MOD_ll: expected_type = type_long_long; break;
+ case FMT_MOD_j: expected_type = type_intmax_t; break;
+ case FMT_MOD_z: expected_type = type_ssize_t; break;
+ case FMT_MOD_t: expected_type = type_ptrdiff_t; break;
+
+ default:
+ warn_invalid_length_modifier(pos, fmt_mod, fmt);
+ goto next_arg;
+ }
+ break;
+
+ default:
+ warningf(pos, "encountered unknown conversion specifier '%%%C' at position %u", (wint_t)fmt, num_fmt);
+ if (arg == NULL) {
+ warningf(pos, "too few arguments for format string");
+ return;
+ }
+ goto next_arg;
+ }
+
+ if (arg == NULL) {
+ warningf(pos, "too few arguments for format string");
+ return;