+/**
+ * Check scanf-style format.
+ */
+static void check_scanf_format(const call_argument_t *arg, const format_spec_t *spec)
+{
+ /* find format arg */
+ unsigned idx = 0;
+ for (; idx < spec->fmt_idx; ++idx) {
+ if (arg == NULL)
+ return;
+ arg = arg->next;
+ }
+
+ const expression_t *fmt_expr = arg->expression;
+ if (fmt_expr->kind == EXPR_UNARY_CAST_IMPLICIT) {
+ fmt_expr = fmt_expr->unary.value;
+ }
+
+ vchar_t vchar;
+ if (fmt_expr->kind == EXPR_WIDE_STRING_LITERAL) {
+ vchar.string = &fmt_expr->wide_string.value;
+ vchar.size = fmt_expr->wide_string.value.size;
+ vchar.first = wstring_first;
+ vchar.next = wstring_next;
+ vchar.is_digit = wstring_isdigit;
+ } else if (fmt_expr->kind == EXPR_STRING_LITERAL) {
+ vchar.string = &fmt_expr->string.value;
+ vchar.size = fmt_expr->string.value.size;
+ vchar.first = string_first;
+ vchar.next = string_next;
+ vchar.is_digit = string_isdigit;
+ } else {
+ return;
+ }
+ /* find the real args */
+ for (; idx < spec->arg_idx && arg != NULL; ++idx)
+ arg = arg->next;
+
+ const source_position_t *pos = &fmt_expr->base.source_position;
+ unsigned fmt = vchar.first(&vchar);
+ unsigned num_fmt = 0;
+ for (; fmt != '\0'; fmt = vchar.next(&vchar)) {
+ if (fmt != '%')
+ continue;
+ fmt = vchar.next(&vchar);
+
+ if (fmt == '%')
+ continue;
+
+ ++num_fmt;
+
+ /* length modifier */
+ format_length_modifier_t fmt_mod;
+ switch (fmt) {
+ case 'h':
+ fmt = vchar.next(&vchar);
+ if (fmt == 'h') {
+ fmt = vchar.next(&vchar);
+ fmt_mod = FMT_MOD_hh;
+ } else {
+ fmt_mod = FMT_MOD_h;
+ }
+ break;
+
+ case 'l':
+ fmt = vchar.next(&vchar);
+ if (fmt == 'l') {
+ fmt = vchar.next(&vchar);
+ fmt_mod = FMT_MOD_ll;
+ } else {
+ fmt_mod = FMT_MOD_l;
+ }
+ break;
+
+ case 'L': fmt = vchar.next(&vchar); fmt_mod = FMT_MOD_L; break;
+ case 'j': fmt = vchar.next(&vchar); fmt_mod = FMT_MOD_j; break;
+ case 't': fmt = vchar.next(&vchar); fmt_mod = FMT_MOD_t; break;
+ case 'z': fmt = vchar.next(&vchar); fmt_mod = FMT_MOD_z; break;
+ /* microsoft mode */
+ case 'w':
+ if (c_mode & _MS) {
+ fmt = vchar.next(&vchar); fmt_mod = FMT_MOD_w;
+ } else {
+ fmt_mod = FMT_MOD_NONE;
+ }
+ break;
+ case 'I':
+ if (c_mode & _MS) {
+ fmt = vchar.next(&vchar); fmt_mod = FMT_MOD_I;
+ if (fmt == '3') {
+ fmt = vchar.next(&vchar);
+ if (fmt == '2') {
+ fmt = vchar.next(&vchar);
+ fmt_mod = FMT_MOD_I32;
+ } else {
+ /* rewind */
+ --vchar.position;
+ }
+ } else if (fmt == '6') {
+ fmt = vchar.next(&vchar);
+ if (fmt == '4') {
+ fmt = vchar.next(&vchar);
+ fmt_mod = FMT_MOD_I64;
+ } else {
+ /* rewind */
+ --vchar.position;
+ }
+ }
+ } else {
+ fmt_mod = FMT_MOD_NONE;
+ }
+ break;
+ default:
+ fmt_mod = FMT_MOD_NONE;
+ break;
+ }
+
+ if (fmt == '\0') {
+ warningf(pos, "dangling %% in format string");
+ break;
+ }
+
+ type_t *expected_type;
+ switch (fmt) {
+ case 'd':
+ case 'i':
+ switch (fmt_mod) {
+ case FMT_MOD_NONE: expected_type = type_int; break;
+ case FMT_MOD_hh: expected_type = type_signed_char; break;
+ case FMT_MOD_h: expected_type = type_short; break;
+ case FMT_MOD_l: expected_type = type_long; break;
+ case FMT_MOD_ll: expected_type = type_long_long; break;
+ case FMT_MOD_j: expected_type = type_intmax_t; break;
+ case FMT_MOD_z: expected_type = type_ssize_t; break;
+ case FMT_MOD_t: expected_type = type_ptrdiff_t; break;
+ case FMT_MOD_I: expected_type = type_ptrdiff_t; break;
+ case FMT_MOD_I32: expected_type = type_int32; break;
+ case FMT_MOD_I64: expected_type = type_int64; break;
+
+ default:
+ warn_invalid_length_modifier(pos, fmt_mod, fmt);
+ goto next_arg;
+ }
+ break;
+
+ case 'o':
+ case 'X':
+ case 'x':
+ goto eval_fmt_mod_unsigned;
+
+ case 'u':
+eval_fmt_mod_unsigned:
+ switch (fmt_mod) {
+ case FMT_MOD_NONE: expected_type = type_unsigned_int; break;
+ case FMT_MOD_hh: expected_type = type_unsigned_char; break;
+ case FMT_MOD_h: expected_type = type_unsigned_short; break;
+ case FMT_MOD_l: expected_type = type_unsigned_long; break;
+ case FMT_MOD_ll: expected_type = type_unsigned_long_long; break;
+ case FMT_MOD_j: expected_type = type_uintmax_t; break;
+ case FMT_MOD_z: expected_type = type_size_t; break;
+ case FMT_MOD_t: expected_type = type_uptrdiff_t; break;
+ case FMT_MOD_I: expected_type = type_size_t; break;
+ case FMT_MOD_I32: expected_type = type_unsigned_int32; break;
+ case FMT_MOD_I64: expected_type = type_unsigned_int64; break;
+
+ default:
+ warn_invalid_length_modifier(pos, fmt_mod, fmt);
+ goto next_arg;
+ }
+ break;
+
+ case 'A':
+ case 'a':
+ case 'E':
+ case 'e':
+ case 'F':
+ case 'f':
+ case 'G':
+ case 'g':
+ switch (fmt_mod) {
+ case FMT_MOD_l: /* l modifier is ignored */
+ case FMT_MOD_NONE: expected_type = type_double; break;
+ case FMT_MOD_L: expected_type = type_long_double; break;
+
+ default:
+ warn_invalid_length_modifier(pos, fmt_mod, fmt);
+ goto next_arg;
+ }
+ break;
+
+ case 'C':
+ if (fmt_mod != FMT_MOD_NONE) {
+ warn_invalid_length_modifier(pos, fmt_mod, fmt);
+ goto next_arg;
+ }
+ expected_type = type_wchar_t;
+ break;
+
+ case 'c':
+ expected_type = type_int;
+ switch (fmt_mod) {
+ case FMT_MOD_NONE: expected_type = type_int; break; /* TODO promoted char */
+ case FMT_MOD_l: expected_type = type_wint_t; break;
+ case FMT_MOD_w: expected_type = type_wchar_t; break;
+
+ default:
+ warn_invalid_length_modifier(pos, fmt_mod, fmt);
+ goto next_arg;
+ }
+ break;
+
+ case 'S':
+ if (fmt_mod != FMT_MOD_NONE) {
+ warn_invalid_length_modifier(pos, fmt_mod, fmt);
+ goto next_arg;
+ }
+ expected_type = type_wchar_t;
+ break;
+
+ case 's':
+ case '[':
+ switch (fmt_mod) {
+ case FMT_MOD_NONE: expected_type = type_char; break;
+ case FMT_MOD_l: expected_type = type_wchar_t; break;
+ case FMT_MOD_w: expected_type = type_wchar_t; break;
+
+ default:
+ warn_invalid_length_modifier(pos, fmt_mod, fmt);
+ goto next_arg;
+ }
+ break;
+
+ case 'p':
+ if (fmt_mod != FMT_MOD_NONE) {
+ warn_invalid_length_modifier(pos, fmt_mod, fmt);
+ goto next_arg;
+ }
+ expected_type = type_void_ptr;
+ break;
+
+ case 'n':
+ switch (fmt_mod) {
+ case FMT_MOD_NONE: expected_type = type_int; break;
+ case FMT_MOD_hh: expected_type = type_signed_char; break;
+ case FMT_MOD_h: expected_type = type_short; break;
+ case FMT_MOD_l: expected_type = type_long; break;
+ case FMT_MOD_ll: expected_type = type_long_long; break;
+ case FMT_MOD_j: expected_type = type_intmax_t; break;
+ case FMT_MOD_z: expected_type = type_ssize_t; break;
+ case FMT_MOD_t: expected_type = type_ptrdiff_t; break;
+
+ default:
+ warn_invalid_length_modifier(pos, fmt_mod, fmt);
+ goto next_arg;
+ }
+ break;
+
+ default:
+ warningf(pos, "encountered unknown conversion specifier '%%%C' at position %u", (wint_t)fmt, num_fmt);
+ if (arg == NULL) {
+ warningf(pos, "too few arguments for format string");
+ return;
+ }
+ goto next_arg;
+ }
+
+ if (arg == NULL) {
+ warningf(pos, "too few arguments for format string");
+ return;
+ }
+
+ { /* create a scope here to prevent warning about the jump to next_arg */
+ type_t *const arg_type = arg->expression->base.type;
+ type_t *const arg_skip = skip_typeref(arg_type);
+ type_t *const expected_type_skip = skip_typeref(expected_type);
+
+ if (! is_type_pointer(arg_skip))
+ goto error_arg_type;
+ type_t *const ptr_skip = skip_typeref(arg_skip->pointer.points_to);
+
+ if (fmt == 'p') {
+ /* allow any pointer type for %p, not just void */
+ if (is_type_pointer(ptr_skip))
+ goto next_arg;
+ }
+
+ /* do NOT allow const or restrict, all other should be ok */
+ if (ptr_skip->base.qualifiers & (TYPE_QUALIFIER_CONST | TYPE_QUALIFIER_VOLATILE))
+ goto error_arg_type;
+ type_t *const unqual_ptr = get_unqualified_type(ptr_skip);
+ if (unqual_ptr == expected_type_skip) {
+ goto next_arg;
+ } else if (expected_type_skip == type_char) {
+ /* char matches with unsigned char AND signed char */
+ if (unqual_ptr == type_signed_char || unqual_ptr == type_unsigned_char)
+ goto next_arg;
+ }
+error_arg_type:
+ if (is_type_valid(arg_skip)) {
+ warningf(pos,
+ "argument type '%T' does not match conversion specifier '%%%s%c' at position %u",
+ arg_type, get_length_modifier_name(fmt_mod), (char)fmt, num_fmt);
+ }
+ }
+next_arg:
+ arg = arg->next;
+ }
+ if (!atend(&vchar)) {
+ warningf(pos, "format string contains '\\0'");
+ }
+ if (arg != NULL) {
+ unsigned num_args = num_fmt;
+ while (arg != NULL) {
+ ++num_args;
+ arg = arg->next;
+ }
+ warningf(pos, "%u argument%s but only %u format specifier%s",
+ num_args, num_args != 1 ? "s" : "",
+ num_fmt, num_fmt != 1 ? "s" : "");
+ }
+}
+
+static const format_spec_t builtin_table[] = {
+ { "printf", FORMAT_PRINTF, 0, 1 },
+ { "wprintf", FORMAT_PRINTF, 0, 1 },
+ { "sprintf", FORMAT_PRINTF, 1, 2 },
+ { "swprintf", FORMAT_PRINTF, 1, 2 },
+ { "snprintf", FORMAT_PRINTF, 2, 3 },
+ { "snwprintf", FORMAT_PRINTF, 2, 3 },
+ { "fprintf", FORMAT_PRINTF, 1, 2 },
+ { "fwprintf", FORMAT_PRINTF, 1, 2 },
+ { "snwprintf", FORMAT_PRINTF, 2, 3 },
+ { "snwprintf", FORMAT_PRINTF, 2, 3 },
+
+ { "scanf", FORMAT_SCANF, 0, 1 },
+ { "wscanf", FORMAT_SCANF, 0, 1 },
+ { "sscanf", FORMAT_SCANF, 1, 2 },
+ { "swscanf", FORMAT_SCANF, 1, 2 },
+ { "fscanf", FORMAT_SCANF, 1, 2 },
+ { "fwscanf", FORMAT_SCANF, 1, 2 },
+
+ { "strftime", FORMAT_STRFTIME, 3, 4 },
+ { "wcstrftime", FORMAT_STRFTIME, 3, 4 },
+
+ { "strfmon", FORMAT_STRFMON, 3, 4 },
+
+ /* MS extensions */
+ { "_snprintf", FORMAT_PRINTF, 2, 3 },
+ { "_snwprintf", FORMAT_PRINTF, 2, 3 },
+ { "_scrintf", FORMAT_PRINTF, 0, 1 },
+ { "_scwprintf", FORMAT_PRINTF, 0, 1 },
+ { "printf_s", FORMAT_PRINTF, 0, 1 },
+ { "wprintf_s", FORMAT_PRINTF, 0, 1 },
+ { "sprintf_s", FORMAT_PRINTF, 3, 4 },
+ { "swprintf_s", FORMAT_PRINTF, 3, 4 },
+ { "fprintf_s", FORMAT_PRINTF, 1, 2 },
+ { "fwprintf_s", FORMAT_PRINTF, 1, 2 },
+ { "_sprintf_l", FORMAT_PRINTF, 1, 3 },
+ { "_swprintf_l", FORMAT_PRINTF, 1, 3 },
+ { "_printf_l", FORMAT_PRINTF, 0, 2 },
+ { "_wprintf_l", FORMAT_PRINTF, 0, 2 },
+ { "_fprintf_l", FORMAT_PRINTF, 1, 3 },
+ { "_fwprintf_l", FORMAT_PRINTF, 1, 3 },
+ { "_printf_s_l", FORMAT_PRINTF, 0, 2 },
+ { "_wprintf_s_l", FORMAT_PRINTF, 0, 2 },
+ { "_sprintf_s_l", FORMAT_PRINTF, 3, 5 },
+ { "_swprintf_s_l", FORMAT_PRINTF, 3, 5 },
+ { "_fprintf_s_l", FORMAT_PRINTF, 1, 3 },
+ { "_fwprintf_s_l", FORMAT_PRINTF, 1, 3 },
+};
+