91aef03015
The ctime_r() and asctime_r() functions are reentrant, but have no check that the buffer we pass in is long enough (the manpage says it "should have room for at least 26 bytes"). Since this is such an easy-to-get-wrong interface, and since we have the much safer strftime() as well as its more convenient strbuf_addftime() wrapper, let's ban both of those. Signed-off-by: Jeff King <peff@peff.net> Reviewed-by: Taylor Blau <me@ttaylorr.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
46 lines
1.1 KiB
C
46 lines
1.1 KiB
C
#ifndef BANNED_H
|
|
#define BANNED_H
|
|
|
|
/*
|
|
* This header lists functions that have been banned from our code base,
|
|
* because they're too easy to misuse (and even if used correctly,
|
|
* complicate audits). Including this header turns them into compile-time
|
|
* errors.
|
|
*/
|
|
|
|
#define BANNED(func) sorry_##func##_is_a_banned_function
|
|
|
|
#undef strcpy
|
|
#define strcpy(x,y) BANNED(strcpy)
|
|
#undef strcat
|
|
#define strcat(x,y) BANNED(strcat)
|
|
#undef strncpy
|
|
#define strncpy(x,y,n) BANNED(strncpy)
|
|
#undef strncat
|
|
#define strncat(x,y,n) BANNED(strncat)
|
|
|
|
#undef sprintf
|
|
#undef vsprintf
|
|
#ifdef HAVE_VARIADIC_MACROS
|
|
#define sprintf(...) BANNED(sprintf)
|
|
#define vsprintf(...) BANNED(vsprintf)
|
|
#else
|
|
#define sprintf(buf,fmt,arg) BANNED(sprintf)
|
|
#define vsprintf(buf,fmt,arg) BANNED(vsprintf)
|
|
#endif
|
|
|
|
#undef gmtime
|
|
#define gmtime(t) BANNED(gmtime)
|
|
#undef localtime
|
|
#define localtime(t) BANNED(localtime)
|
|
#undef ctime
|
|
#define ctime(t) BANNED(ctime)
|
|
#undef ctime_r
|
|
#define ctime_r(t, buf) BANNED(ctime_r)
|
|
#undef asctime
|
|
#define asctime(t) BANNED(asctime)
|
|
#undef asctime_r
|
|
#define asctime_r(t, buf) BANNED(asctime_r)
|
|
|
|
#endif /* BANNED_H */
|