Identify two more unsafe uses of getCustomDiagID()

llvm-svn: 200126
2025-02-10 11:23:52 +00:00 · 2014-01-26 05:08:49 +00:00 · 2014-01-26 05:08:49 +00:00 · 046cda538c
commit 046cda538c
parent 4af8fa9ae4
1 changed files with 4 additions and 0 deletions
--- a/clang/lib/ARCMigrate/ObjCMT.cpp
+++ b/clang/lib/ARCMigrate/ObjCMT.cpp
@ -1845,6 +1845,8 @@ void ObjCMigrateASTConsumer::HandleTranslationUnit(ASTContext &Ctx) {
   std::string Error;
   llvm::raw_fd_ostream OS(MigrateDir.c_str(), Error, llvm::sys::fs::F_Binary);
    if (!Error.empty()) {
+      // FIXME: It's not safe to pass arbitrary user-generated strings into
+      // getCustomDiagID(). Use a constant diagnostic ID instead.
      unsigned ID = Ctx.getDiagnostics().getDiagnosticIDs()->
          getCustomDiagID(DiagnosticIDs::Error, Error);
      Ctx.getDiagnostics().Report(ID);
@ -2061,6 +2063,8 @@ private:

 static bool reportDiag(const Twine &Err, DiagnosticsEngine &Diag) {
  SmallString<128> Buf;
+  // FIXME: It's not safe to pass arbitrary user-generated strings into
+  // getCustomDiagID(). Use a constant diagnostic ID instead.
  unsigned ID = Diag.getDiagnosticIDs()->getCustomDiagID(DiagnosticIDs::Error,
                                                         Err.toStringRef(Buf));
  Diag.Report(ID);