git@vger.kernel.org list mirror (unofficial, one of many)
* [PATCH] banned.h: mark strncat() as banned
From: Eric Wong @ 2019-01-02  9:38 UTC
  To: Jeff King, Junio C Hamano; +Cc: git

strncat() has the same quadratic behavior as strcat() and is
difficult-to-read and bug-prone.  While it hasn't yet been a
problem in git iself, strncat() found its way into 'master'
of cgit and caused segfaults on my system.

Signed-off-by: Eric Wong <e@80x24.org>
---
 banned.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/banned.h b/banned.h
index 28f5937035..447af24807 100644
--- a/banned.h
+++ b/banned.h
@@ -16,6 +16,8 @@
 #define strcat(x,y) BANNED(strcat)
 #undef strncpy
 #define strncpy(x,y,n) BANNED(strncpy)
+#undef strncat
+#define strncat(x,y,n) BANNED(strncat)
 
 #undef sprintf
 #undef vsprintf
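
Review bot: the diffstat touches only banned.h, and the message says strncat() "hasn't yet been a problem in git" without stating that no callers remain. Because the added "#define strncat(x,y,n) BANNED(strncat)" turns any existing call into a build failure, the commit message should say explicitly that the tree has no strncat() callers, or the series should convert them first. It would also help to spell out the hazard behind "bug-prone", namely that n bounds the bytes appended rather than the size of the destination, so that someone who trips the ban knows why.
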
-- 
EW


* Re: [PATCH] banned.h: mark strncat() as banned
From: Eric Sunshine @ 2019-01-02 18:00 UTC
  To: Eric Wong; +Cc: Jeff King, Junio C Hamano, Git List

On Wed, Jan 2, 2019 at 4:38 AM Eric Wong <e@80x24.org> wrote:
>
> strncat() has the same quadratic behavior as strcat() and is
> difficult-to-read and bug-prone.  While it hasn't yet been a
> problem in git iself, strncat() found its way into 'master'

s/iself/itself/

> of cgit and caused segfaults on my system.
>
> Signed-off-by: Eric Wong <e@80x24.org>


* Re: [PATCH] banned.h: mark strncat() as banned
From: Jeff King @ 2019-01-03  4:49 UTC
  To: Eric Wong; +Cc: Junio C Hamano, git

On Wed, Jan 02, 2019 at 09:38:46AM +0000, Eric Wong wrote:

> strncat() has the same quadratic behavior as strcat() and is
> difficult-to-read and bug-prone.  While it hasn't yet been a
> problem in git iself, strncat() found its way into 'master'
> of cgit and caused segfaults on my system.

I'm in favor of this.

It doesn't have the "oops, I didn't NUL-terminate for you" problem that
strncpy() has. But it actually has the opposite problem! It will always
place a NUL, and you have to feed it sizeof(dst)-1 to avoid an overflow.

So I think it's important for safety (though I'd be fine banning it on
the quadratic grounds alone ;) ).

-Peff
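
The size semantics described in the reply above, as an added example that is not part of the thread or of git's code: it measures how far strncat() writes past an 8-byte destination for different bounds, and generalises the sizeof(dst)-1 rule to a destination that already holds text. The names overrun_with_bound and safe_bound, the buffer sizes and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DST_SIZE 8      /* logical destination size (constructed) */
#define ARENA_SIZE 16   /* real backing storage, so overruns stay defined */
#define CANARY 0x7f

/*
 * Append src to initial with strncat() bound n, treating only the first
 * DST_SIZE bytes of the arena as the destination. Returns how many bytes
 * were written past the logical end (0 means the append stayed in bounds).
 * Callers keep strlen(initial) + n + 1 <= ARENA_SIZE.
 */
static size_t overrun_with_bound(const char *initial, const char *src, size_t n)
{
	char arena[ARENA_SIZE];
	size_t i, over = 0;

	memset(arena, CANARY, sizeof(arena));
	strcpy(arena, initial);
	strncat(arena, src, n);   /* writes up to n bytes PLUS a NUL */
	for (i = DST_SIZE; i < ARENA_SIZE; i++)
		if (arena[i] != CANARY)
			over++;
	return over;
}

/* Largest n that keeps strncat() inside a dst_size-byte buffer. */
static size_t safe_bound(const char *dst, size_t dst_size)
{
	size_t used = strlen(dst);

	return used + 1 < dst_size ? dst_size - used - 1 : 0;
}

int main(void)
{
	const char *src = "0123456789";

	printf("empty dst, n=sizeof(dst):   %zu byte(s) over\n",
	       overrun_with_bound("", src, DST_SIZE));
	printf("empty dst, n=sizeof(dst)-1: %zu byte(s) over\n",
	       overrun_with_bound("", src, DST_SIZE - 1));
	printf("dst=\"abc\", n=sizeof(dst)-1: %zu byte(s) over\n",
	       overrun_with_bound("abc", src, DST_SIZE - 1));
	printf("dst=\"abc\", n=safe_bound:    %zu byte(s) over\n",
	       overrun_with_bound("abc", src, safe_bound("abc", DST_SIZE)));
	return 0;
}
```
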
