Merge branch 'jk/banned-function'

It is too easy to misuse system API functions such as strcat();
these selected functions are now forbidden in this codebase and
will cause a compilation failure.

* jk/banned-function:
  banned.h: mark strncpy() as banned
  banned.h: mark sprintf() as banned
  banned.h: mark strcat() as banned
  automatically ban strcpy()
Junio C Hamano 2018-08-15 15:08:26 -07:00
commit e28daf222f
2 changed files with 36 additions and 0 deletions

30
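--- a/banned.h
+++ b/banned.h
@@ -0,0 +1,30 @@
+#ifndef BANNED_H
+#define BANNED_H
+/*
+* This header lists functions that have been banned from our code base,
+* because they're too easy to misuse (and even if used correctly,
+* complicate audits). Including this header turns them into compile-time
+* errors.
+*/
+#define BANNED(func) sorry_##func##_is_a_banned_function
+#undef strcpy
+#define strcpy(x,y) BANNED(strcpy)
+#undef strcat
+#define strcat(x,y) BANNED(strcat)
+#undef strncpy
+#define strncpy(x,y,n) BANNED(strncpy)
+#undef sprintf
+#undef vsprintf
+#ifdef HAVE_VARIADIC_MACROS
+#define sprintf(...) BANNED(sprintf)
+#define vsprintf(...) BANNED(vsprintf)
+#else
+#define sprintf(buf,fmt,arg) BANNED(sprintf)
+#define vsprintf(buf,fmt,arg) BANNED(sprintf)
+#endif
+#endif /* BANNED_H */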
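Review bot: In the `#else` branch the vsprintf macro expands to `BANNED(sprintf)`, so on a compiler without variadic macros a stray vsprintf() call fails with an identifier that names the wrong function; the line should read `#define vsprintf(buf,fmt,arg) BANNED(vsprintf)`. The header comment could also note that these are function-like macros, so they only rewrite direct calls of the form `name(...)`. A parenthesised name or a function pointer taken from one of these functions is not caught at compile time, so an audit should still search for the bare identifiers.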


@ -1239,4 +1239,10 @@ extern void unleak_memory(const void *ptr, size_t len);
#define UNLEAK(var) do {} while (0) #define UNLEAK(var) do {} while (0)
#endif #endif
/*
* This include must come after system headers, since it introduces macros that
* replace system names.
*/
#include "banned.h"
#endif #endif
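Review bot: The new comment gives the ordering rule for this header but not the consequence of breaking it, and the same rule applies to every source file that includes this header. A system header pulled in afterwards would have its own declarations of strcpy() and the other banned names rewritten by the macros, which would presumably surface as a confusing error far from the cause. I would extend the comment with something like `Source files must likewise not include system headers after this one.` The hunk sits at the tail of a header whose name is not shown on this page, and the include guard it closes opens outside the hunk.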