path: root/llvm/lib/CodeGen/AsmPrinter/CodeViewDebug.cpp
author: Louis Dionne <ldionne.2@gmail.com> 2021-10-29 12:36:57 -0400
committer: Louis Dionne <ldionne.2@gmail.com> 2021-11-09 13:17:45 -0500
commit: a4ba780510518150cc11b330bbd2beb447e1f50e (patch)
tree: 8a5547a947b7afa2a773b4087f848d7939c94c16 /llvm/lib/CodeGen/AsmPrinter/CodeViewDebug.cpp
parent: 56f7da6e0d29139d7684b2dc08901fefb64e4fa1 (diff)
[libc++] Enable -Wformat-nonliteral when building libc++

Using user-provided data as a format string is a well known source of security vulnerabilities. For this reason, it is a good idea to compile our code with -Wformat-nonliteral, which basically warns if a non-constant string is used as a format specifier. This is the compiler’s best signal that a format string call may be insecure.

I audited the code after adding the warning and made sure that the few places where we used a non-literal string as a format string were not potential security issues. I either disabled the warning locally for those instances or fixed the warning by using a literal. The idea is that after we add the warning to the build, any new use of a non-literal string in a format string will trigger a diagnostic, and we can either get rid of it or disable the warning locally, which is a way of acknowledging that it has been audited.

I also looked into enabling it in the test suite, which would perhaps allow finding additional instances of it in our headers, however that is not possible at the moment because Clang doesn't support putting __attribute__((__format__(...))) on variadic templates, which would be needed.

rdar://84571685

Differential Revision: https://reviews.llvm.org/D112927

Diffstat (limited to 'llvm/lib/CodeGen/AsmPrinter/CodeViewDebug.cpp')
0 files changed, 0 insertions, 0 deletions
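
The two outcomes the commit message describes (use a literal, or disable the warning locally at an audited call) look like this in practice. This is an added example, not code from the commit or from libc++; `format_checked`, `render_user_text` and `render_number` are hypothetical names, and it assumes a GCC or Clang build with `-Wformat -Wformat-nonliteral`.

```cpp
#include <cstdarg>
#include <cstddef>
#include <cstdio>
#include <string>

// Hypothetical helper (not libc++ code). The format attribute declares that
// argument 1 is a printf-style format and the variadic arguments start at 2,
// so every caller of this function is checked like a printf call.
__attribute__((__format__(__printf__, 1, 2)))
std::string format_checked(const char* fmt, ...) {
    char buf[128];
    va_list ap;
    va_start(ap, fmt);
    int n = std::vsnprintf(buf, sizeof(buf), fmt, ap);
    va_end(ap);
    if (n < 0) return std::string();
    // vsnprintf returns the untruncated length; clamp to what was written.
    std::size_t len = static_cast<std::size_t>(n);
    if (len >= sizeof(buf)) len = sizeof(buf) - 1;
    return std::string(buf, len);
}

// Fix by using a literal: user-controlled text is an argument to "%s",
// never the format itself, so conversion specifiers inside it stay inert.
std::string render_user_text(const char* untrusted) {
    return format_checked("%s", untrusted);
}

// Audited call: the format comes from a fixed table of constants and both
// entries take exactly one unsigned argument. The warning is disabled only
// around this statement, which records that the call was reviewed.
std::string render_number(bool hex, unsigned value) {
    static const char* const kFormats[] = {"%u", "%x"};
    const char* fmt = kFormats[hex ? 1 : 0];
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
    return format_checked(fmt, value);
#pragma GCC diagnostic pop
}

int main() {
    // Constructed sample input containing conversion specifiers.
    std::puts(render_user_text("100%n %x %s").c_str());
    std::puts(render_number(true, 255).c_str());
    return 0;
}
```

Removing the pragma pair makes the `render_number` call produce the diagnostic again, which is the signal the commit relies on for any new non-literal format string.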