authorLibravatar Junio C Hamano <gitster@pobox.com>2018-08-15 15:08:26 -0700
committerLibravatar Junio C Hamano <gitster@pobox.com>2018-08-15 15:08:26 -0700
commite28daf222f51f137d9038a58812f2a89f414781e (patch)
tree3a6f81a48618d6292a3e60d9f091c17d4d778af6 /banned.h
parentMerge branch 'en/merge-recursive-skip-fix' (diff)
parentbanned.h: mark strncpy() as banned (diff)
Merge branch 'jk/banned-function'
It is too easy to misuse system API functions such as strcat(); these selected functions are now forbidden in this codebase and will cause a compilation failure. * jk/banned-function: banned.h: mark strncpy() as banned banned.h: mark sprintf() as banned banned.h: mark strcat() as banned automatically ban strcpy()
Diffstat (limited to 'banned.h')
-rw-r--r--banned.h30
1 files changed, 30 insertions, 0 deletions
diff --git a/banned.h b/banned.h
new file mode 100644
index 0000000000..28f5937035
--- /dev/null
+++ b/banned.h
@@ -0,0 +1,30 @@
+#ifndef BANNED_H
+#define BANNED_H
+
+/*
+ * This header lists functions that have been banned from our code base,
+ * because they're too easy to misuse (and even if used correctly,
+ * complicate audits). Including this header turns them into compile-time
+ * errors.
+ */
+
+#define BANNED(func) sorry_##func##_is_a_banned_function
+
+#undef strcpy
+#define strcpy(x,y) BANNED(strcpy)
+#undef strcat
+#define strcat(x,y) BANNED(strcat)
+#undef strncpy
+#define strncpy(x,y,n) BANNED(strncpy)
+
+#undef sprintf
+#undef vsprintf
+#ifdef HAVE_VARIADIC_MACROS
+#define sprintf(...) BANNED(sprintf)
+#define vsprintf(...) BANNED(vsprintf)
+#else
+#define sprintf(buf,fmt,arg) BANNED(sprintf)
+#define vsprintf(buf,fmt,arg) BANNED(sprintf)
+#endif
+
+#endif /* BANNED_H */
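Review bot: In the `#else` branch (no variadic macros), the `vsprintf` fallback expands to `BANNED(sprintf)`, so a stray vsprintf() call fails with an identifier naming the wrong function; it should read `#define vsprintf(buf,fmt,arg) BANNED(vsprintf)`. Separately, the header comment says that including the file turns these functions into compile-time errors, but function-like macros only expand on a direct call. A parenthesised name such as `(strcpy)(dst, src)`, or taking the function's address, is not caught, which matters to anyone treating this header as an audit guarantee. A short comment above `#define BANNED` would set that expectation, for example `/* Only direct calls are trapped; address-of and parenthesised uses still need review. */`.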