1 // RUN: %clang_cc1 -triple x86_64-apple-macosx10.14.0 %s -verify
2
3 typedef struct _FILE FILE;
4 extern int scanf(const char *format, ...);
5 extern int fscanf(FILE *f, const char *format, ...);
6 extern int sscanf(const char *input, const char *format, ...);
7
call_scanf(void)8 void call_scanf(void) {
9 char buf10[10];
10 char buf20[20];
11 char buf30[30];
12 scanf("%4s %5s %10s", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 4 has size 10, but the corresponding specifier may require size 11}}
13 scanf("%4s %5s %11s", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 4 has size 10, but the corresponding specifier may require size 12}}
14 scanf("%4s %5s %9s", buf20, buf30, buf10);
15 scanf("%20s %5s %9s", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 2 has size 20, but the corresponding specifier may require size 21}}
16 scanf("%21s %5s %9s", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 2 has size 20, but the corresponding specifier may require size 22}}
17 scanf("%19s %5s %9s", buf20, buf30, buf10);
18 scanf("%19s %29s %9s", buf20, buf30, buf10);
19
20 scanf("%*21s %*30s %10s", buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 2 has size 10, but the corresponding specifier may require size 11}}
21 scanf("%*21s %5s", buf10);
22 scanf("%10s %*30s", buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 2 has size 10, but the corresponding specifier may require size 11}}
23 scanf("%9s %*30s", buf10);
24
25 scanf("%4[a] %5[a] %10[a]", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 4 has size 10, but the corresponding specifier may require size 11}}
26 scanf("%4[a] %5[a] %11[a]", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 4 has size 10, but the corresponding specifier may require size 12}}
27 scanf("%4[a] %5[a] %9[a]", buf20, buf30, buf10);
28 scanf("%20[a] %5[a] %9[a]", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 2 has size 20, but the corresponding specifier may require size 21}}
29 scanf("%21[a] %5[a] %9[a]", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 2 has size 20, but the corresponding specifier may require size 22}}
30 scanf("%19[a] %5[a] %9[a]", buf20, buf30, buf10);
31 scanf("%19[a] %29[a] %9[a]", buf20, buf30, buf10);
32
33 scanf("%4c %5c %10c", buf20, buf30, buf10);
34 scanf("%4c %5c %11c", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 4 has size 10, but the corresponding specifier may require size 11}}
35 scanf("%4c %5c %9c", buf20, buf30, buf10);
36 scanf("%20c %5c %9c", buf20, buf30, buf10);
37 scanf("%21c %5c %9c", buf20, buf30, buf10); // expected-warning {{'scanf' may overflow; destination buffer in argument 2 has size 20, but the corresponding specifier may require size 21}}
38
39 // Don't warn for other specifiers.
40 int x;
41 scanf("%12d", &x);
42 }
43
call_sscanf(void)44 void call_sscanf(void) {
45 char buf10[10];
46 char buf20[20];
47 char buf30[30];
48 sscanf("a b c", "%4s %5s %10s", buf20, buf30, buf10); // expected-warning {{'sscanf' may overflow; destination buffer in argument 5 has size 10, but the corresponding specifier may require size 11}}
49 sscanf("a b c", "%4s %5s %11s", buf20, buf30, buf10); // expected-warning {{'sscanf' may overflow; destination buffer in argument 5 has size 10, but the corresponding specifier may require size 12}}
50 sscanf("a b c", "%4s %5s %9s", buf20, buf30, buf10);
51 sscanf("a b c", "%20s %5s %9s", buf20, buf30, buf10); // expected-warning {{'sscanf' may overflow; destination buffer in argument 3 has size 20, but the corresponding specifier may require size 21}}
52 sscanf("a b c", "%21s %5s %9s", buf20, buf30, buf10); // expected-warning {{'sscanf' may overflow; destination buffer in argument 3 has size 20, but the corresponding specifier may require size 22}}
53 sscanf("a b c", "%19s %5s %9s", buf20, buf30, buf10);
54 sscanf("a b c", "%19s %29s %9s", buf20, buf30, buf10);
55 }
56
call_fscanf(void)57 void call_fscanf(void) {
58 char buf10[10];
59 char buf20[20];
60 char buf30[30];
61 fscanf(0, "%4s %5s %10s", buf20, buf30, buf10); // expected-warning {{'fscanf' may overflow; destination buffer in argument 5 has size 10, but the corresponding specifier may require size 11}}
62 fscanf(0, "%4s %5s %11s", buf20, buf30, buf10); // expected-warning {{'fscanf' may overflow; destination buffer in argument 5 has size 10, but the corresponding specifier may require size 12}}
63 fscanf(0, "%4s %5s %9s", buf20, buf30, buf10);
64 fscanf(0, "%20s %5s %9s", buf20, buf30, buf10); // expected-warning {{'fscanf' may overflow; destination buffer in argument 3 has size 20, but the corresponding specifier may require size 21}}
65 fscanf(0, "%21s %5s %9s", buf20, buf30, buf10); // expected-warning {{'fscanf' may overflow; destination buffer in argument 3 has size 20, but the corresponding specifier may require size 22}}
66 fscanf(0, "%19s %5s %9s", buf20, buf30, buf10);
67 fscanf(0, "%19s %29s %9s", buf20, buf30, buf10);
68 }
69