From: Jeff King <peff@peff.net>
To: Stefan Beller <sbeller@google.com>
Cc: git <git@vger.kernel.org>
Subject: Re: [PATCH 1/2] introduce "banned function" list
Date: Thu, 19 Jul 2018 17:32:23 -0400 [thread overview]
Message-ID: <20180719213222.GB13151@sigill.intra.peff.net> (raw)
In-Reply-To: <CAGZ79ka1yHb-485xc-sAK5iVkeyWJq4Q2g-7jzEgHuVUWLBXKg@mail.gmail.com>
On Thu, Jul 19, 2018 at 02:15:54PM -0700, Stefan Beller wrote:
> > Documentation/CodingGuidelines | 3 +++
>
> I'd prefer to not add more text to our documentation
> (It is already long and in case you run into this problem
> the error message is clear enough IMHO)
I'm fine with that too. I just wondered if somebody would complain in
the opposite way: your patch enforces this, but we never made it an
"official" guideline.
But that may be overly paranoid. Once upon a time there was some rules
lawyering around CodingGuidelines, but I think that was successfully
shut down and hasn't reared its head for several years.
> > +#define strcpy(x,y) BANNED(strcpy)
> > +
> > +#ifdef HAVE_VARIADIC_MACROS
>
> In a split second I thought you forgot sprintf that was
> mentioned in the commit message, but then I kept on reading
> just to find it here. I wonder if we want put this #ifdef at the
> beginning of the file (after the guard) as then we can have
> a uncluttered list of banned functions here. The downside is that
> the use of strcpy would not be banned in case you have no
> variadic macros, but we'd still catch it quickly as most people
> have them. Undecided.
Right, exactly. We should catch what we can on lesser platforms, and
everything on modern ones. My hope is that people would not generally
have to touch this file. I don't think we'll be adding banned functions
often.
> Regarding the introduction of the functions to this list,
> I would imagine people would find the commit that introduced
> a function to the ban list to look for a reason why.
> Can we include a link[1] to explain why we discourage
> strcpy and sprintf in this commit?
I hoped that it was mostly common knowledge, but that's probably not a
good assumption. I agree if there's a good reference, we should link to
it.
> [1] https://www.thegeekstuff.com/2013/06/buffer-overflow/?utm_source=feedly
> This is the best I found. So not sure if it worth it.
Yeah, this one is so-so, because it goes into a lot more detail. I think
we can assume that people know that overflowing a buffer is bad. Maybe
just a short paragraph like:
We'll include strcpy() and sprintf() in the initial list of banned
functions. While these _can_ be used carefully by surrounding them
with extra code, there's no inherent check that the size of the
destination buffer is big enough, it's very easy to overflow the
buffer.
-Peff
next prev parent reply other threads:[~2018-07-19 21:32 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-19 20:33 [PATCH 0/2] fail compilation with strcpy Jeff King
2018-07-19 20:39 ` [PATCH 1/2] introduce "banned function" list Jeff King
2018-07-19 21:11 ` Eric Sunshine
2018-07-19 21:27 ` Jeff King
2018-07-19 21:59 ` Eric Sunshine
2018-07-20 0:55 ` Jeff King
2018-07-19 21:15 ` Stefan Beller
2018-07-19 21:32 ` Jeff King [this message]
2018-07-19 21:47 ` Stefan Beller
2018-07-20 0:54 ` Jeff King
2018-07-19 22:46 ` Junio C Hamano
2018-07-19 23:55 ` Randall S. Becker
2018-07-20 1:08 ` Jeff King
2018-07-20 1:12 ` Jeff King
2018-07-20 9:32 ` Junio C Hamano
2018-07-20 17:45 ` Jeff King
2018-07-20 13:22 ` Theodore Y. Ts'o
2018-07-20 17:56 ` Jeff King
2018-07-20 19:03 ` Junio C Hamano
2018-07-20 12:42 ` Derrick Stolee
2018-07-20 14:41 ` Duy Nguyen
2018-07-20 17:48 ` Elijah Newren
2018-07-20 18:04 ` Jeff King
2018-07-20 18:00 ` Jeff King
2018-07-19 20:39 ` [PATCH 2/2] banned.h: mark strncpy as banned Jeff King
2018-07-19 21:12 ` Ævar Arnfjörð Bjarmason
2018-07-19 21:33 ` Jeff King
2018-07-20 18:58 ` [PATCH 0/2] fail compilation with strcpy Junio C Hamano
2018-07-20 19:18 ` Jeff King
2018-07-20 21:50 ` Junio C Hamano
2018-07-24 9:23 ` [PATCH v2 0/4] " Jeff King
2018-07-24 9:26 ` [PATCH v2 1/4] automatically ban strcpy() Jeff King
2018-07-24 17:20 ` Eric Sunshine
2018-07-26 6:58 ` Jeff King
2018-07-26 7:21 ` [PATCH v3 " Jeff King
2018-07-26 17:33 ` Junio C Hamano
2018-07-27 8:08 ` Jeff King
2018-07-27 17:34 ` Junio C Hamano
2018-07-28 9:24 ` Jeff King
2018-07-24 9:26 ` [PATCH v2 2/4] banned.h: mark strcat() as banned Jeff King
2018-07-24 9:27 ` [PATCH v2 3/4] banned.h: mark sprintf() " Jeff King
2018-07-24 9:28 ` [PATCH v2 4/4] banned.h: mark strncpy() " Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180719213222.GB13151@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=git@vger.kernel.org \
--cc=sbeller@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).