Gitiles
Code Review Sign In
gerrit-public.fairphone.software / toolchain / llvm-project / e18c2d2ce3b967b0bd495d2840cb640b95c80896^! / . / clang
commite18c2d2ce3b967b0bd495d2840cb640b95c80896[log] [tgz]
authorAkira Hatanaka <ahatanaka@apple.com>Wed Jul 11 22:19:14 2018 +0000
committerAkira Hatanaka <ahatanaka@apple.com>Wed Jul 11 22:19:14 2018 +0000
tree87909f571e908c8b715cc902a2b26e8fc19ce611
parentef08aec9352a4827a2f9c83fffd7844155b1a633 [diff]
os_log: When there are multiple privacy annotations in the format
string, choose the strictest one instead of the last.

Also fix an undefined behavior. Move the pointer update to a later point to
avoid adding StringRef::npos to the pointer.

rdar://problem/40706280

llvm-svn: 336863

diff --git a/clang/lib/Analysis/PrintfFormatString.cpp b/clang/lib/Analysis/PrintfFormatString.cpp
index 2e5841e..00591ab 100644
--- a/clang/lib/Analysis/PrintfFormatString.cpp
+++ b/clang/lib/Analysis/PrintfFormatString.cpp

@@ -135,17 +135,16 @@
         MatchedStr = Matches[1];
         I += Matches[0].size();
 
-        // Set the privacy flag if there is a privacy annotation in the
-        // comma-delimited segment. This overrides any privacy annotations that
-        // appeared in previous comma-delimited segments.
+        // Set the privacy flag if the privacy annotation in the
+        // comma-delimited segment is at least as strict as the privacy
+        // annotations in previous comma-delimited segments.
         if (MatchedStr.equals("private"))
           PrivacyFlags = clang::analyze_os_log::OSLogBufferItem::IsPrivate;
-        else if (MatchedStr.equals("public"))
+        else if (PrivacyFlags == 0 && MatchedStr.equals("public"))
           PrivacyFlags = clang::analyze_os_log::OSLogBufferItem::IsPublic;
       } else {
         size_t CommaOrBracePos =
             Str.find_if([](char c) { return c == ',' || c == '}'; });
-        I += CommaOrBracePos + 1;
 
         if (CommaOrBracePos == StringRef::npos) {
           // Neither a comma nor the closing brace was found.
@@ -153,6 +152,8 @@
             H.HandleIncompleteSpecifier(Start, E - Start);
           return true;
         }
+
+        I += CommaOrBracePos + 1;
       }
       // Continue until the closing brace is found.
     } while (*(I - 1) == ',');

diff --git a/clang/test/CodeGen/builtins.c b/clang/test/CodeGen/builtins.c
index 4059f16..77b479e 100644
--- a/clang/test/CodeGen/builtins.c
+++ b/clang/test/CodeGen/builtins.c

@@ -421,7 +421,7 @@
   // CHECK: %[[V5:.*]] = load i8*, i8** %[[DATA_ADDR]]
   // CHECK: %[[V6:.*]] = ptrtoint i8* %[[V5]] to i64
   // CHECK: call void @__os_log_helper_1_3_4_4_0_8_34_4_17_8_49(i8* %[[V1]], i32 %[[V2]], i64 %[[V4]], i32 16, i64 %[[V6]])
-  __builtin_os_log_format(buf, "%d %{private,public}s %{public,private}.16P", i, data, data);
+  __builtin_os_log_format(buf, "%d %{public}s %{private}.16P", i, data, data);
 
   // privacy annotations aren't recognized when they are preceded or followed
   // by non-whitespace characters.
@@ -443,7 +443,7 @@
   // The last privacy annotation in the string wins.
 
   // CHECK: call void @__os_log_helper_1_3_1_8_33(
-  __builtin_os_log_format(buf, "%{ public, private, public, private}s", "abc");
+  __builtin_os_log_format(buf, "%{ private, public, private, public}s", "abc");
 }
 
 // CHECK-LABEL: define linkonce_odr hidden void @__os_log_helper_1_3_4_4_0_8_34_4_17_8_49