From: Jeff King <peff@peff.net>
To: Stefan Beller <sbeller@google.com>
Cc: git <git@vger.kernel.org>, Junio C Hamano <gitster@pobox.com>
Subject: Re: [PATCH] blame: prefer xsnprintf to strcpy for colors
Date: Fri, 13 Jul 2018 17:29:34 -0400 [thread overview]
Message-ID: <20180713212934.GA19565@sigill.intra.peff.net> (raw)
In-Reply-To: <CAGZ79kYpZy4q4vD3z5oZNZYgCYWu4YWeA4DX=E8jFW9=XUe7_g@mail.gmail.com>
On Fri, Jul 13, 2018 at 02:10:24PM -0700, Stefan Beller wrote:
> > I'd be happy to declare strcpy() totally banned (and it more or less
> > is). I found this with a simple "git grep", though it seems like a
> > trivial application of coccinelle to find it. The question is what to
> > convert it into.
>
> into some "meta BUG("your review process failed")"? :-)
Heh, yes, I was tempted to suggest that.
> > xsnprintf() is often a good choice, but not always
> > (e.g., if the destination isn't an array, we'd have to get the size from
> > somewhere else).
> >
> > I wouldn't be surprised if there's a way to ask coccinelle to convert
> > the easy cases and barf with an error on the hard cases or something. I
> > don't know the tool very well.
>
> I was just suggesting that tool as it is run on pu by some automation,
> hence it would not fall through the cracks. I mean how often to you
> happen to run git grep looking for strcpy on our code base and do we
> want to rely on that in the long run?
Clearly not often enough. :)
I probably do it once or twice a year, but the ideal is "as part of
testing every topic". It wouldn't be hard to script around "git grep" as
part of the DEVELOPER build), but I think that still turns up some false
positives. Not for strcpy() or sprintf(), but snprintf() for example is
easy to use badly but sometimes the correct tool. We also have an
strncpy() which would be easy to turn into memcpy(), but it's in the
compat/regex code, which preferably we wouldn't change.
There are also probably better tools than grep (i.e., that actually
parse C), but they may not be worth the overhead (though if we can reuse
cocci for this, that seems easy enough).
As an aside, I recently got introduced to Microsoft's SDL Banned
Function list:
https://msdn.microsoft.com/en-us/library/bb288454.aspx
They even hate memcpy! I'll grant that you _can_ use memcpy badly, but
it's often the right tool (and IMHO the C11 Annex.K memcpy_s() is not
much better).
-Peff
prev parent reply other threads:[~2018-07-13 21:29 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-13 20:43 [PATCH] blame: prefer xsnprintf to strcpy for colors Jeff King
2018-07-13 20:58 ` Stefan Beller
2018-07-13 21:04 ` Jeff King
2018-07-13 21:10 ` Stefan Beller
2018-07-13 21:29 ` Jeff King [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180713212934.GA19565@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=sbeller@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).