Merge branch 'jk/banned-function'

It is too easy to misuse system API functions such as strcat(); these selected functions are now forbidden in this codebase and will cause a compilation failure. * jk/banned-function: banned.h: mark strncpy() as banned banned.h: mark sprintf() as banned banned.h: mark strcat() as banned automatically ban strcpy()
2018-08-15 15:08:26 -07:00 · 2018-08-15 15:08:26 -07:00 · e28daf222f
commit e28daf222f
parent e4095da40e e488b7aba7
2 changed files with 36 additions and 0 deletions
--- a/banned.h
+++ b/banned.h
@ -0,0 +1,30 @@
+#ifndef BANNED_H
+#define BANNED_H
+
+/*
+ * This header lists functions that have been banned from our code base,
+ * because they're too easy to misuse (and even if used correctly,
+ * complicate audits). Including this header turns them into compile-time
+ * errors.
+ */
+
+#define BANNED(func) sorry_##func##_is_a_banned_function
+
+#undef strcpy
+#define strcpy(x,y) BANNED(strcpy)
+#undef strcat
+#define strcat(x,y) BANNED(strcat)
+#undef strncpy
+#define strncpy(x,y,n) BANNED(strncpy)
+
+#undef sprintf
+#undef vsprintf
+#ifdef HAVE_VARIADIC_MACROS
+#define sprintf(...) BANNED(sprintf)
+#define vsprintf(...) BANNED(vsprintf)
+#else
+#define sprintf(buf,fmt,arg) BANNED(sprintf)
+#define vsprintf(buf,fmt,arg) BANNED(sprintf)
+#endif
+
+#endif /* BANNED_H */
--- a/git-compat-util.h
+++ b/git-compat-util.h
@ -1239,4 +1239,10 @@ extern void unleak_memory(const void *ptr, size_t len);
 #define UNLEAK(var) do {} while (0)
 #endif

+/*
+ * This include must come after system headers, since it introduces macros that
+ * replace system names.
+ */
+#include "banned.h"
+
 #endif