aboutsummaryrefslogtreecommitdiff
path: root/lib/Analysis/ScanfFormatString.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'lib/Analysis/ScanfFormatString.cpp')
-rw-r--r--lib/Analysis/ScanfFormatString.cpp12
1 files changed, 9 insertions, 3 deletions
diff --git a/lib/Analysis/ScanfFormatString.cpp b/lib/Analysis/ScanfFormatString.cpp
index 3c848f1f09..1bbd5f2d29 100644
--- a/lib/Analysis/ScanfFormatString.cpp
+++ b/lib/Analysis/ScanfFormatString.cpp
@@ -453,6 +453,15 @@ bool clang::analyze_format_string::ParseScanfString(FormatStringHandler &H,
}
bool ScanfArgTypeResult::matchesType(ASTContext& C, QualType argTy) const {
+ // It has to be a pointer type.
+ const PointerType *PT = argTy->getAs<PointerType>();
+ if (!PT)
+ return false;
+
+ // We cannot write through a const qualified pointer.
+ if (PT->getPointeeType().isConstQualified())
+ return false;
+
switch (K) {
case InvalidTy:
llvm_unreachable("ArgTypeResult must be valid");
@@ -463,9 +472,6 @@ bool ScanfArgTypeResult::matchesType(ASTContext& C, QualType argTy) const {
case WCStrTy:
return ArgTypeResult(ArgTypeResult::WCStrTy).matchesType(C, argTy);
case PtrToArgTypeResultTy: {
- const PointerType *PT = argTy->getAs<PointerType>();
- if (!PT)
- return false;
return A.matchesType(C, PT->getPointeeType());
}
}
generated by cgit v1.2.3-18-g5258 (git 2.32.0) at 2025-07-23 21:41:06 +0000