From: Jeff King <peff@peff.net>
To: Stefan Beller <sbeller@google.com>
Cc: git <git@vger.kernel.org>
Subject: Re: [PATCH 1/2] introduce "banned function" list
Date: Thu, 19 Jul 2018 20:54:04 -0400 [thread overview]
Message-ID: <20180720005404.GA2179@sigill.intra.peff.net> (raw)
In-Reply-To: <CAGZ79kaqgF5zNC0X5+EnuPhYiaav9JiSsgeXF=deryS3sKYq2A@mail.gmail.com>
On Thu, Jul 19, 2018 at 02:47:35PM -0700, Stefan Beller wrote:
> > But that may be overly paranoid. Once upon a time there was some rules
> > lawyering around CodingGuidelines, but I think that was successfully
> > shut down and hasn't reared its head for several years.
>
> Heh; My preference would be to keep docs as short and concise as
> possible (and lawyering sounds like "verbosity is a feature" :-P) but
> still giving advice on controversial (i.e. not enforced by a machine in
> a deterministic fashion) things such as having braces around one
> statement for example or leaving them out.
I think we literally had somebody say "I don't have to abide by this in
a review because it wasn't in CodingGuidelines." But then, that is
perhaps indicative of other problems.
> So maybe I would have rather asked, why we start out with these two
> functions. And you seem to call them "obviously bad", and you take both
> of them because they need to be handled differently due to the variadic macros.
> (And those two are "obviously worse" than strcat, as they are used more often.
> But strcat, being on MS ban list[1], would do just as fine)
Ooh, strcat is another one that should be added.
I actually thought about splitting it into three commits (introduce
mechanism, then one per function), but it felt like stringing it out.
You are probably right, though, that each function deserves its own
explanation. And the commit message is already quite long.
> > We'll include strcpy() and sprintf() in the initial list of banned
> > functions. While these _can_ be used carefully by surrounding them
> > with extra code, there's no inherent check that the size of the
> > destination buffer is big enough, it's very easy to overflow the
> > buffer.
>
> Sounds good to me, maybe even add "We've had problems with that
> in the past, see 'git log -S strcpy'", but that may be too much again.
Actually, that's a good point. We've had actual bugs due strcpy(). I can
similarly point to bad uses of strcat().
I think I have sufficient fodder for a re-roll along these lines
(assuming we like the idea at all; Junio seemed to have some
reservations, but I'll reply there separately).
-Peff
next prev parent reply other threads:[~2018-07-20 0:54 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-19 20:33 [PATCH 0/2] fail compilation with strcpy Jeff King
2018-07-19 20:39 ` [PATCH 1/2] introduce "banned function" list Jeff King
2018-07-19 21:11 ` Eric Sunshine
2018-07-19 21:27 ` Jeff King
2018-07-19 21:59 ` Eric Sunshine
2018-07-20 0:55 ` Jeff King
2018-07-19 21:15 ` Stefan Beller
2018-07-19 21:32 ` Jeff King
2018-07-19 21:47 ` Stefan Beller
2018-07-20 0:54 ` Jeff King [this message]
2018-07-19 22:46 ` Junio C Hamano
2018-07-19 23:55 ` Randall S. Becker
2018-07-20 1:08 ` Jeff King
2018-07-20 1:12 ` Jeff King
2018-07-20 9:32 ` Junio C Hamano
2018-07-20 17:45 ` Jeff King
2018-07-20 13:22 ` Theodore Y. Ts'o
2018-07-20 17:56 ` Jeff King
2018-07-20 19:03 ` Junio C Hamano
2018-07-20 12:42 ` Derrick Stolee
2018-07-20 14:41 ` Duy Nguyen
2018-07-20 17:48 ` Elijah Newren
2018-07-20 18:04 ` Jeff King
2018-07-20 18:00 ` Jeff King
2018-07-19 20:39 ` [PATCH 2/2] banned.h: mark strncpy as banned Jeff King
2018-07-19 21:12 ` Ævar Arnfjörð Bjarmason
2018-07-19 21:33 ` Jeff King
2018-07-20 18:58 ` [PATCH 0/2] fail compilation with strcpy Junio C Hamano
2018-07-20 19:18 ` Jeff King
2018-07-20 21:50 ` Junio C Hamano
2018-07-24 9:23 ` [PATCH v2 0/4] " Jeff King
2018-07-24 9:26 ` [PATCH v2 1/4] automatically ban strcpy() Jeff King
2018-07-24 17:20 ` Eric Sunshine
2018-07-26 6:58 ` Jeff King
2018-07-26 7:21 ` [PATCH v3 " Jeff King
2018-07-26 17:33 ` Junio C Hamano
2018-07-27 8:08 ` Jeff King
2018-07-27 17:34 ` Junio C Hamano
2018-07-28 9:24 ` Jeff King
2018-07-24 9:26 ` [PATCH v2 2/4] banned.h: mark strcat() as banned Jeff King
2018-07-24 9:27 ` [PATCH v2 3/4] banned.h: mark sprintf() " Jeff King
2018-07-24 9:28 ` [PATCH v2 4/4] banned.h: mark strncpy() " Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180720005404.GA2179@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=git@vger.kernel.org \
--cc=sbeller@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).