From: Willy Tarreau
Date: Fri, 7 Apr 2023 12:57:13 +0000 (+0200)
Subject: BUILD: bug.h: add a warning in the base API when unsafe functions are used
X-Git-Tag: v2.8-dev7~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7f2b3f9431f279d71a59dc73b77139d2ce16e503;p=thirdparty%2Fhaproxy.git

BUILD: bug.h: add a warning in the base API when unsafe functions are used

Once in a while we introduce an sprintf() or strncat() function by accident. These ones are particularly dangerous and must never ever be used because the only way to use them safely is at least as complicated if not more, than their safe counterparts. By redefining a few of these functions with an attribute_warning() we can deliver a message to the developer who is tempted to use them. This commit does it for strcat(), strcpy(), strncat(), sprintf(), vsprintf(). More could come later if needed, such as strtok() and maybe a few others, but these are less common.
---
diff --git a/include/haproxy/bug.h b/include/haproxy/bug.h
index a5c1341968..acdd72e548 100644
--- a/include/haproxy/bug.h
+++ b/include/haproxy/bug.h
@@ -382,6 +382,43 @@ struct mem_stats {
 #endif /* DEBUG_MEM_STATS*/
+/* Add warnings to users of such functions. These will be reported at link time
+ * indicating what file name and line used them. The goal is to remind their
+ * users that these are extremely unsafe functions that never have a valid
+ * reason for being used.
+ */
+#undef strcat
+__attribute__warning("\n"
+" * WARNING! strcat() must never be used, because there is no convenient way\n"
+" * to use it that is safe. Use memcpy() instead!\n")
+extern char *strcat(char *__restrict dest, const char *__restrict src);
+
+#undef strcpy
+__attribute__warning("\n"
+" * WARNING! strcpy() must never be used, because there is no convenient way\n"
+" * to use it that is safe. Use memcpy() or strlcpy2() instead!\n")
+extern char *strcpy(char *__restrict dest, const char *__restrict src);
+
+#undef strncat
+__attribute__warning("\n"
+" * WARNING! strncat() must never be used, because there is no convenient way\n"
+" * to use it that is safe. Use memcpy() instead!\n")
+extern char *strncat(char *__restrict dest, const char *__restrict src, size_t n);
+
+#undef sprintf
+__attribute__warning("\n"
+" * WARNING! sprintf() must never be used, because there is no convenient way\n"
+" * to use it that is safe. Use snprintf() instead!\n")
+extern int sprintf(char *__restrict dest, const char *__restrict fmt, ...);
+
+#if defined(_VA_LIST_DEFINED) || defined(_VA_LIST_DECLARED) || defined(_VA_LIST)
+#undef vsprintf
+__attribute__warning("\n"
+" * WARNING! vsprintf() must never be used, because there is no convenient way\n"
+" * to use it that is safe. Use vsnprintf() instead!\n")
+extern int vsprintf(char *__restrict dest, const char *__restrict fmt, va_list ap);
+#endif
+
 #endif /* _HAPROXY_BUG_H */
 /*
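Review bot: The vsprintf() guard at the end of the hunk fails open, because when none of `_VA_LIST_DEFINED`, `_VA_LIST_DECLARED` or `_VA_LIST` is defined at the point bug.h is parsed, the redeclaration is skipped silently and vsprintf() callers in that translation unit get no warning. Those macros are libc- and compiler-specific and depend on include order, so the check can be missing on some platforms without anyone noticing. Whether bug.h already pulls in `<stdarg.h>` is not visible in this hunk; if it does not, adding `#include <stdarg.h>` near the top of the header and dropping the `#if`/`#endif` pair would make the vsprintf() declaration unconditional like the other four. Separately, the strcat()/strncat()/strcpy() messages point to memcpy(), which has no bound of its own, so the text would be safer as something like `Use memcpy() with a checked length instead!`.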