[Sema] Don't crash on scanf on forward-declared enums.

This is valid in GNU C, which allows pointers to incomplete enums. GCC
just pretends that the underlying type is 'int' in those cases, follow
that behavior.

llvm-svn: 279374

diff --git a/clang/lib/Analysis/FormatString.cpp b/clang/lib/Analysis/FormatString.cpp
index 83d08b5..0872e78 100644 (file)
--- a/clang/lib/Analysis/FormatString.cpp
+++ b/clang/lib/Analysis/FormatString.cpp
@@ -310,8 +310,13 @@ ArgType::matchesType(ASTContext &C, QualType argTy) const {
       return Match;
 
     case AnyCharTy: {
-      if (const EnumType *ETy = argTy->getAs<EnumType>())
+      if (const EnumType *ETy = argTy->getAs<EnumType>()) {
+        // If the enum is incomplete we know nothing about the underlying type.
+        // Assume that it's 'int'.
+        if (!ETy->getDecl()->isComplete())
+          return NoMatch;
         argTy = ETy->getDecl()->getIntegerType();
+      }
 
       if (const BuiltinType *BT = argTy->getAs<BuiltinType>())
         switch (BT->getKind()) {
@@ -327,8 +332,14 @@ ArgType::matchesType(ASTContext &C, QualType argTy) const {
     }
 
     case SpecificTy: {
-      if (const EnumType *ETy = argTy->getAs<EnumType>())
-        argTy = ETy->getDecl()->getIntegerType();
+      if (const EnumType *ETy = argTy->getAs<EnumType>()) {
+        // If the enum is incomplete we know nothing about the underlying type.
+        // Assume that it's 'int'.
+        if (!ETy->getDecl()->isComplete())
+          argTy = C.IntTy;
+        else
+          argTy = ETy->getDecl()->getIntegerType();
+      }
       argTy = C.getCanonicalType(argTy).getUnqualifiedType();
 
       if (T == argTy)

diff --git a/clang/lib/Analysis/ScanfFormatString.cpp b/clang/lib/Analysis/ScanfFormatString.cpp
index 82b0388..3b93f1a 100644 (file)
--- a/clang/lib/Analysis/ScanfFormatString.cpp
+++ b/clang/lib/Analysis/ScanfFormatString.cpp
@@ -418,8 +418,12 @@ bool ScanfSpecifier::fixType(QualType QT, QualType RawQT,
   QualType PT = QT->getPointeeType();
 
   // If it's an enum, get its underlying type.
-  if (const EnumType *ETy = PT->getAs<EnumType>())
+  if (const EnumType *ETy = PT->getAs<EnumType>()) {
+    // Don't try to fix incomplete enums.
+    if (!ETy->getDecl()->isComplete())
+      return false;
     PT = ETy->getDecl()->getIntegerType();
+  }
 
   const BuiltinType *BT = PT->getAs<BuiltinType>();
   if (!BT)

diff --git a/clang/test/Sema/format-strings-enum.c b/clang/test/Sema/format-strings-enum.c
index e79f859..ba077a8 100644 (file)
--- a/clang/test/Sema/format-strings-enum.c
+++ b/clang/test/Sema/format-strings-enum.c
@@ -11,6 +11,7 @@
 #endif
 
 EXTERN_C int printf(const char *,...);
+EXTERN_C int scanf(const char *, ...);
 
 typedef enum { Constant = 0 } TestEnum;
 // Note that in C, the type of 'Constant' is 'int'. In C++ it is 'TestEnum'.
@@ -34,3 +35,18 @@ void testLong(LongEnum input) {
   printf("%lu", input);
   printf("%lu", LongConstant);
 }
+
+#ifndef __cplusplus
+// GNU C allows forward declaring enums.
+extern enum forward_declared *fwd;
+
+void forward_enum() {
+  printf("%u", fwd); // expected-warning{{format specifies type 'unsigned int' but the argument has type 'enum forward_declared *}}
+  printf("%p", fwd);
+
+  scanf("%c", fwd); // expected-warning{{format specifies type 'char *' but the argument has type 'enum forward_declared *}}
+  scanf("%u", fwd);
+  scanf("%lu", fwd); // expected-warning{{format specifies type 'unsigned long *' but the argument has type 'enum forward_declared *}}
+  scanf("%p", fwd); // expected-warning{{format specifies type 'void **' but the argument has type 'enum forward_declared *}}
+}
+#endif