BUILD: bug.h: add a warning in the base API when unsafe functions are used

Once in a while we introduce an sprintf() or strncat() function by
accident. These ones are particularly dangerous and must never ever
be used because the only way to use them safely is at least as
complicated if not more, than their safe counterparts. By redefining
a few of these functions with an attribute_warning() we can deliver a
message to the developer who is tempted to use them. This commit does
it for strcat(), strcpy(), strncat(), sprintf(), vsprintf(). More could
come later if needed, such as strtok() and maybe a few others, but these
are less common.

diff --git a/include/haproxy/bug.h b/include/haproxy/bug.h
index a5c1341968034839e4034cb3648761720469627c..acdd72e548b239045d85b850acc6f5b6b94f2cf3 100644 (file)
--- a/include/haproxy/bug.h
+++ b/include/haproxy/bug.h
@@ -382,6 +382,43 @@ struct mem_stats {
 
 #endif /* DEBUG_MEM_STATS*/
 
+/* Add warnings to users of such functions. These will be reported at link time
+ * indicating what file name and line used them. The goal is to remind their
+ * users that these are extremely unsafe functions that never have a valid
+ * reason for being used.
+ */
+#undef strcat
+__attribute__warning("\n"
+"  * WARNING! strcat() must never be used, because there is no convenient way\n"
+"  *          to use it that is safe. Use memcpy() instead!\n")
+extern char *strcat(char *__restrict dest, const char *__restrict src);
+
+#undef strcpy
+__attribute__warning("\n"
+"  * WARNING! strcpy() must never be used, because there is no convenient way\n"
+"  *          to use it that is safe. Use memcpy() or strlcpy2() instead!\n")
+extern char *strcpy(char *__restrict dest, const char *__restrict src);
+
+#undef strncat
+__attribute__warning("\n"
+"  * WARNING! strncat() must never be used, because there is no convenient way\n"
+"  *          to use it that is safe. Use memcpy() instead!\n")
+extern char *strncat(char *__restrict dest, const char *__restrict src, size_t n);
+
+#undef sprintf
+__attribute__warning("\n"
+"  * WARNING! sprintf() must never be used, because there is no convenient way\n"
+"  *          to use it that is safe. Use snprintf() instead!\n")
+extern int sprintf(char *__restrict dest, const char *__restrict fmt, ...);
+
+#if defined(_VA_LIST_DEFINED) || defined(_VA_LIST_DECLARED) || defined(_VA_LIST)
+#undef vsprintf
+__attribute__warning("\n"
+"  * WARNING! vsprintf() must never be used, because there is no convenient way\n"
+"  *          to use it that is safe. Use vsnprintf() instead!\n")
+extern int vsprintf(char *__restrict dest, const char *__restrict fmt, va_list ap);
+#endif
+
 #endif /* _HAPROXY_BUG_H */
 
 /*