clang: add a new warning for %n format specifier usage in printf(3) family functions

ok deraadt@
different versions tested by jca@ naddy@ sthen@

2 files changed, 12 insertions, 0 deletions

diff --git a/gnu/llvm/clang/include/clang/Basic/DiagnosticSemaKinds.td b/gnu/llvm/clang/include/clang/Basic/DiagnosticSemaKinds.td
index cd23dd38ca2..b7aacbb586c 100644
--- a/gnu/llvm/clang/include/clang/Basic/DiagnosticSemaKinds.td
+++ b/gnu/llvm/clang/include/clang/Basic/DiagnosticSemaKinds.td
@@ -9104,6 +9104,9 @@ def err_os_log_argument_too_big : Error<
 def warn_os_log_format_narg : Error<
  "os_log() '%%n' format specifier is not allowed">, DefaultError;
 
+def warn_format_narg : Warning<
+  "'%%n' format specifier support is deactivated and will call abort(3)">;
+
 // Statements.
 def err_continue_not_in_loop : Error<
   "'continue' statement not in loop statement">;
diff --git a/gnu/llvm/clang/lib/Sema/SemaChecking.cpp b/gnu/llvm/clang/lib/Sema/SemaChecking.cpp
index 82a7e6bed18..5a23f4a2bb2 100644
--- a/gnu/llvm/clang/lib/Sema/SemaChecking.cpp
+++ b/gnu/llvm/clang/lib/Sema/SemaChecking.cpp
@@ -8083,6 +8083,15 @@ CheckPrintfHandler::HandlePrintfSpecifier(const analyze_printf::PrintfSpecifier
     return true;
   }
 
+  // %n is not allowed anywhere
+  if (CS.getKind() == ConversionSpecifier::nArg) {
+    EmitFormatDiagnostic(S.PDiag(diag::warn_format_narg),
+                         getLocationOfByte(CS.getStart()),
+                         /*IsStringLocation*/ false,
+                         getSpecifierRange(startSpecifier, specifierLen));
+    return true;
+  }
+
   // Only scalars are allowed for os_trace.
   if (FSType == Sema::FST_OSTrace &&
       (CS.getKind() == ConversionSpecifier::PArg ||