mirror of
https://github.com/git/git.git
synced 2024-10-31 22:37:54 +01:00
e488b7aba7
The strncpy() function is less horrible than strcpy(), but
is still pretty easy to misuse because of its funny
termination semantics. Namely, that if it truncates it omits
the NUL terminator, and you must remember to add it
yourself. Even if you use it correctly, it's sometimes hard
for a reader to verify this without hunting through the
code. If you're thinking about using it, consider instead:
- strlcpy() if you really just need a truncated but
NUL-terminated string (we provide a compat version, so
it's always available)
- xsnprintf() if you're sure that what you're copying
should fit
- strbuf or xstrfmt() if you need to handle
arbitrary-length heap-allocated strings
Note that there is one instance of strncpy in
compat/regex/regcomp.c, which is fine (it allocates a
sufficiently large string before copying). But this doesn't
trigger the ban-list even when compiling with NO_REGEX=1,
because:
1. we don't use git-compat-util.h when compiling it
(instead we rely on the system includes from the
upstream library); and
2. It's in an "#ifdef DEBUG" block
Since it's doesn't trigger the banned.h code, we're better
off leaving it to keep our divergence from upstream minimal.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
30 lines
741 B
C
30 lines
741 B
C
#ifndef BANNED_H
|
|
#define BANNED_H
|
|
|
|
/*
|
|
* This header lists functions that have been banned from our code base,
|
|
* because they're too easy to misuse (and even if used correctly,
|
|
* complicate audits). Including this header turns them into compile-time
|
|
* errors.
|
|
*/
|
|
|
|
#define BANNED(func) sorry_##func##_is_a_banned_function
|
|
|
|
#undef strcpy
|
|
#define strcpy(x,y) BANNED(strcpy)
|
|
#undef strcat
|
|
#define strcat(x,y) BANNED(strcat)
|
|
#undef strncpy
|
|
#define strncpy(x,y,n) BANNED(strncpy)
|
|
|
|
#undef sprintf
|
|
#undef vsprintf
|
|
#ifdef HAVE_VARIADIC_MACROS
|
|
#define sprintf(...) BANNED(sprintf)
|
|
#define vsprintf(...) BANNED(vsprintf)
|
|
#else
|
|
#define sprintf(buf,fmt,arg) BANNED(sprintf)
|
|
#define vsprintf(buf,fmt,arg) BANNED(sprintf)
|
|
#endif
|
|
|
|
#endif /* BANNED_H */
|