am 5cc5c5ea: Merge "Add basic compile time tests for sn?printf."

* commit '5cc5c5ea0b7a5a2d523ea35c645a42b222929276':
  Add basic compile time tests for sn?printf.

tests/Android.mk

@@ -342,7 +342,7 @@ LOCAL_CXX = $(LOCAL_PATH)/file-check-cxx \
 LOCAL_CLANG := false
 LOCAL_MODULE := bionic-compile-time-tests-g++
 LOCAL_CXXFLAGS := -Wall
-LOCAL_SRC_FILES :=
+LOCAL_SRC_FILES := fortify_sprintf_warnings.cpp
 include $(BUILD_STATIC_LIBRARY)
 
 include $(CLEAR_VARS)
@@ -359,6 +359,8 @@ LOCAL_CXX := $(LOCAL_PATH)/file-check-cxx \
 LOCAL_CLANG := true
 LOCAL_MODULE := bionic-compile-time-tests-clang++
 LOCAL_CXXFLAGS := -Wall
+# FileCheck will error if there aren't any CLANG: lines in the file, but there
+# don't appear to be any cases where clang _does_ emit warnings for sn?printf :(
 LOCAL_SRC_FILES :=
 include $(BUILD_STATIC_LIBRARY)
 

tests/fortify_sprintf_warnings.cpp

@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2014 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#undef _FORTIFY_SOURCE
+#define _FORTIFY_SOURCE 2
+#include <stdio.h>
+
+void test_sprintf() {
+  char buf[4];
+
+  // NOLINTNEXTLINE(whitespace/line_length)
+  // GCC: warning: call to int __builtin___sprintf_chk(char*, int, unsigned int, const char*, ...) will always overflow destination buffer
+  // clang should emit a warning, but doesn't
+  sprintf(buf, "foobar"); // NOLINT(runtime/printf)
+
+  // NOLINTNEXTLINE(whitespace/line_length)
+  // GCC: warning: call to int __builtin___sprintf_chk(char*, int, unsigned int, const char*, ...) will always overflow destination buffer
+  // clang should emit a warning, but doesn't
+  sprintf(buf, "%s", "foobar"); // NOLINT(runtime/printf)
+}
+
+void test_snprintf() {
+  char buf[4];
+
+  // NOLINTNEXTLINE(whitespace/line_length)
+  // GCC: warning: call to int __builtin___snprintf_chk(char*, unsigned int, int, unsigned int, const char*, ...) will always overflow destination buffer
+  // clang should emit a warning, but doesn't
+  snprintf(buf, 5, "foobar"); // NOLINT(runtime/printf)
+
+  // NOLINTNEXTLINE(whitespace/line_length)
+  // GCC: warning: call to int __builtin___snprintf_chk(char*, unsigned int, int, unsigned int, const char*, ...) will always overflow destination buffer
+  // clang should emit a warning, but doesn't
+  snprintf(buf, 5, "%s", "foobar"); // NOLINT(runtime/printf)
+
+  // NOLINTNEXTLINE(whitespace/line_length)
+  // GCC: warning: call to int __builtin___snprintf_chk(char*, unsigned int, int, unsigned int, const char*, ...) will always overflow destination buffer
+  // clang should emit a warning, but doesn't
+  snprintf(buf, 5, " %s ", "foobar"); // NOLINT(runtime/printf)
+
+  // NOLINTNEXTLINE(whitespace/line_length)
+  // GCC: warning: call to int __builtin___snprintf_chk(char*, unsigned int, int, unsigned int, const char*, ...) will always overflow destination buffer
+  // clang should emit a warning, but doesn't
+  snprintf(buf, 5, "%d", 100000); // NOLINT(runtime/printf)
+}