Add additional nonnull attributes for printf/scanf family functions

Extend nonnull coverage to include not only format string parameters,
but also FILE* and char* arguments (e.g. for sscanf, fprintf, etc.).

Author: bozicrHT

clang/include/clang/Basic/Builtins.td

@@ -3109,21 +3109,21 @@ def BuiltinPrintf : Builtin {
 
 def FPrintf : LibBuiltin<"stdio.h"> {
   let Spellings = ["fprintf"];
-  let Attributes = [NoThrow, PrintfFormat<1>, NonNull<[1]>];
+  let Attributes = [NoThrow, PrintfFormat<1>, NonNull<[0, 1]>];
   let Prototype = "int(FILE* restrict, char const* restrict, ...)";
   let AddBuiltinPrefixedAlias = 1;
 }
 
 def SnPrintf : LibBuiltin<"stdio.h"> {
   let Spellings = ["snprintf"];
-  let Attributes = [NoThrow, PrintfFormat<2>, NonNull<[2]>];
+  let Attributes = [NoThrow, PrintfFormat<2>, NonNull<[0, 2]>];
   let Prototype = "int(char* restrict, size_t, char const* restrict, ...)";
   let AddBuiltinPrefixedAlias = 1;
 }
 
 def SPrintf : LibBuiltin<"stdio.h"> {
   let Spellings = ["sprintf"];
-  let Attributes = [NoThrow, PrintfFormat<1>, NonNull<[1]>];
+  let Attributes = [NoThrow, PrintfFormat<1>, NonNull<[0, 1]>];
   let Prototype = "int(char* restrict, char const* restrict, ...)";
   let AddBuiltinPrefixedAlias = 1;
 }
@@ -3137,21 +3137,21 @@ def VPrintf : LibBuiltin<"stdio.h"> {
 
 def VfPrintf : LibBuiltin<"stdio.h"> {
   let Spellings = ["vfprintf"];
-  let Attributes = [NoThrow, VPrintfFormat<1>, NonNull<[1]>];
+  let Attributes = [NoThrow, VPrintfFormat<1>, NonNull<[0, 1]>];
   let Prototype = "int(FILE* restrict, char const* restrict, __builtin_va_list)";
   let AddBuiltinPrefixedAlias = 1;
 }
 
 def VsnPrintf : LibBuiltin<"stdio.h"> {
   let Spellings = ["vsnprintf"];
-  let Attributes = [NoThrow, VPrintfFormat<2>, NonNull<[2]>];
+  let Attributes = [NoThrow, VPrintfFormat<2>, NonNull<[0, 2]>];
   let Prototype = "int(char* restrict, size_t, char const* restrict, __builtin_va_list)";
   let AddBuiltinPrefixedAlias = 1;
 }
 
 def VsPrintf : LibBuiltin<"stdio.h"> {
   let Spellings = ["vsprintf"];
-  let Attributes = [NoThrow, VPrintfFormat<1>, NonNull<[1]>];
+  let Attributes = [NoThrow, VPrintfFormat<1>, NonNull<[0, 1]>];
   let Prototype = "int(char* restrict, char const* restrict, __builtin_va_list)";
   let AddBuiltinPrefixedAlias = 1;
 }
@@ -3165,14 +3165,14 @@ def Scanf : LibBuiltin<"stdio.h"> {
 
 def FScanf : LibBuiltin<"stdio.h"> {
   let Spellings = ["fscanf"];
-  let Attributes = [ScanfFormat<1>, NonNull<[1]>];
+  let Attributes = [ScanfFormat<1>, NonNull<[0, 1]>];
   let Prototype = "int(FILE* restrict, char const* restrict, ...)";
   let AddBuiltinPrefixedAlias = 1;
 }
 
 def SScanf : LibBuiltin<"stdio.h"> {
   let Spellings = ["sscanf"];
-  let Attributes = [ScanfFormat<1>, NonNull<[1]>];
+  let Attributes = [ScanfFormat<1>, NonNull<[0, 1]>];
   let Prototype = "int(char const* restrict, char const* restrict, ...)";
   let AddBuiltinPrefixedAlias = 1;
 }
@@ -3186,14 +3186,14 @@ def VScanf : LibBuiltin<"stdio.h"> {
 
 def VFScanf : LibBuiltin<"stdio.h"> {
   let Spellings = ["vfscanf"];
-  let Attributes = [VScanfFormat<1>, NonNull<[1]>];
+  let Attributes = [VScanfFormat<1>, NonNull<[0, 1]>];
   let Prototype = "int(FILE* restrict, char const* restrict, __builtin_va_list)";
   let AddBuiltinPrefixedAlias = 1;
 }
 
 def VSScanf : LibBuiltin<"stdio.h"> {
   let Spellings = ["vsscanf"];
-  let Attributes = [VScanfFormat<1>, NonNull<[1]>];
+  let Attributes = [VScanfFormat<1>, NonNull<[0, 1]>];
   let Prototype = "int(char const* restrict, char const* restrict, __builtin_va_list)";
   let AddBuiltinPrefixedAlias = 1;
 }

clang/test/Analysis/stream.c

@@ -52,13 +52,13 @@ void check_fputs(void) {
 
 void check_fprintf(void) {
   FILE *fp = tmpfile();
-  fprintf(fp, "ABC"); // expected-warning {{Stream pointer might be NULL}}
+  fprintf(fp, "ABC"); // expected-warning {{Null pointer passed to 1st parameter expecting 'nonnull'}}
   fclose(fp);
 }
 
 void check_fscanf(void) {
   FILE *fp = tmpfile();
-  fscanf(fp, "ABC"); // expected-warning {{Stream pointer might be NULL}}
+  fscanf(fp, "ABC"); // expected-warning {{Null pointer passed to 1st parameter expecting 'nonnull'}}
   fclose(fp);
 }
 
@@ -152,13 +152,13 @@ void f_dopen(int fd) {
 
 void f_vfprintf(int fd, va_list args) {
   FILE *F = fdopen(fd, "r");
-  vfprintf(F, "%d", args); // expected-warning {{Stream pointer might be NULL}}
+  vfprintf(F, "%d", args); // expected-warning {{Null pointer passed to 1st parameter expecting 'nonnull'}}
   fclose(F);
 }
 
 void f_vfscanf(int fd, va_list args) {
   FILE *F = fdopen(fd, "r");
-  vfscanf(F, "%u", args); // expected-warning {{Stream pointer might be NULL}}
+  vfscanf(F, "%u", args); // expected-warning {{Null pointer passed to 1st parameter expecting 'nonnull'}}
   fclose(F);
 }
 

clang/test/Sema/format-strings-nonnull.c

@@ -25,6 +25,7 @@ int vsscanf(char const* restrict, char const* restrict, __builtin_va_list);
 
 void check_format_string(FILE *fp, va_list ap) {
     char buf[256];
+    int num;
     char* const fmt = NULL;
 
     printf(fmt);
@@ -36,11 +37,13 @@ void check_format_string(FILE *fp, va_list ap) {
     fprintf(fp, NULL, 25);
     // expected-warning@-1{{null passed to a callee that requires a non-null argument}}
 
-    sprintf(buf, NULL, 42);
+    sprintf(NULL, NULL, 42);
     // expected-warning@-1{{null passed to a callee that requires a non-null argument}}
+    // expected-warning@-2{{null passed to a callee that requires a non-null argument}}
 
-    snprintf(buf, 10, 0, 42);
+    snprintf(NULL, 10, 0, 42);
     // expected-warning@-1{{null passed to a callee that requires a non-null argument}}
+    // expected-warning@-2{{null passed to a callee that requires a non-null argument}}
 
     vprintf(fmt, ap);
     // expected-warning@-1{{null passed to a callee that requires a non-null argument}}
@@ -51,15 +54,19 @@ void check_format_string(FILE *fp, va_list ap) {
     vsprintf(buf, nullptr, ap);
     // expected-warning@-1{{null passed to a callee that requires a non-null argument}}
 
-    vsnprintf(buf, 10, fmt, ap);
+    vsnprintf(NULL, 10, fmt, ap);
     // expected-warning@-1{{null passed to a callee that requires a non-null argument}}
+    // expected-warning@-2{{null passed to a callee that requires a non-null argument}}
 
     scanf(NULL);
     // expected-warning@-1{{null passed to a callee that requires a non-null argument}}
 
-    fscanf(fp, nullptr);
+    fscanf(nullptr, nullptr);
     // expected-warning@-1{{null passed to a callee that requires a non-null argument}}
+    // expected-warning@-2{{null passed to a callee that requires a non-null argument}}
 
+    sscanf(NULL, "%d %s", &num, buf);
+    // expected-warning@-1{{null passed to a callee that requires a non-null argument}}
     sscanf(buf, fmt);
     // expected-warning@-1{{null passed to a callee that requires a non-null argument}}
 

clang/test/Sema/format-strings-nonnull.cpp

@@ -13,12 +13,15 @@ typedef __builtin_va_list va_list;
 EXTERN_C int printf(const char *, ...);
 EXTERN_C int fprintf(FILE *, const char *restrict, ...);
 EXTERN_C int sprintf(char* restrict, char const* res, ...);
+EXTERN_C int vfprintf(FILE* restrict, char const* res, __builtin_va_list);
 
 EXTERN_C int scanf(char const *restrict, ...);
 EXTERN_C int fscanf(FILE* restrict, char const* res, ...);
+EXTERN_C int sscanf(char const* restrict, char const* res, ...);
 
-void test(FILE *fp) {
+void test(FILE *fp, va_list ap) {
   char buf[256];
+  int num;
 
   __builtin_printf(__null, "x");
   // expected-warning@-1 {{null passed to a callee that requires a non-null argument}}
@@ -37,4 +40,10 @@ void test(FILE *fp) {
 
   fscanf(fp, __null);
   // expected-warning@-1 {{null passed to a callee that requires a non-null argument}}
+
+  vfprintf(__null, "xxd", ap);
+  // expected-warning@-1 {{null passed to a callee that requires a non-null argument}}
+
+  sscanf(__null, "%d", &num);
+  // expected-warning@-1 {{null passed to a callee that requires a non-null argument}}
 }

clang/test/Sema/warn-fortify-scanf.c

@@ -59,10 +59,17 @@ void call_fscanf(void) {
   char buf20[20];
   char buf30[30];
   fscanf(0, "%4s %5s %10s", buf20, buf30, buf10); // expected-warning {{'fscanf' may overflow; destination buffer in argument 5 has size 10, but the corresponding specifier may require size 11}}
+  // expected-warning@-1 {{null passed to a callee that requires a non-null argument}}
   fscanf(0, "%4s %5s %11s", buf20, buf30, buf10); // expected-warning {{'fscanf' may overflow; destination buffer in argument 5 has size 10, but the corresponding specifier may require size 12}}
+  // expected-warning@-1 {{null passed to a callee that requires a non-null argument}}
   fscanf(0, "%4s %5s %9s", buf20, buf30, buf10);
+  // expected-warning@-1 {{null passed to a callee that requires a non-null argument}}
   fscanf(0, "%20s %5s %9s", buf20, buf30, buf10); // expected-warning {{'fscanf' may overflow; destination buffer in argument 3 has size 20, but the corresponding specifier may require size 21}}
+  // expected-warning@-1 {{null passed to a callee that requires a non-null argument}}
   fscanf(0, "%21s %5s %9s", buf20, buf30, buf10); // expected-warning {{'fscanf' may overflow; destination buffer in argument 3 has size 20, but the corresponding specifier may require size 22}}
+  // expected-warning@-1 {{null passed to a callee that requires a non-null argument}}
   fscanf(0, "%19s %5s %9s", buf20, buf30, buf10);
+  // expected-warning@-1 {{null passed to a callee that requires a non-null argument}}
   fscanf(0, "%19s %29s %9s", buf20, buf30, buf10);
+  // expected-warning@-1 {{null passed to a callee that requires a non-null argument}}
 }