author | rubidium <rubidium@openttd.org> | 2014-04-23 20:13:33 +0000 |
---|---|---|
committer | rubidium <rubidium@openttd.org> | 2014-04-23 20:13:33 +0000 |
commit | 0463dbdc9e5b39399765015c394e29dedaf7d041 (patch) | |
tree | 0d115f2027997f6c452d59d63919f9a6d05cb8be /src/safeguards.h | |
parent | 287ecd158249628a9b12aa5567e0e188499084f5 (diff) | |
download | openttd-0463dbdc9e5b39399765015c394e29dedaf7d041.tar.xz |
(svn r26482) -Codechange: add an include that allows us to undefine/redefine "unsafe" functions to prevent them from being used, and thus having to care about certain aspects of their return values
Diffstat (limited to 'src/safeguards.h')
-rw-r--r-- | src/safeguards.h | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/src/safeguards.h b/src/safeguards.h
new file mode 100644
index 000000000..e4c8949f1
--- /dev/null
+++ b/src/safeguards.h
@@ -0,0 +1,67 @@
+/* $Id$ */
+
+/*
+ * This file is part of OpenTTD.
+ * OpenTTD is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 2.
+ * OpenTTD is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with OpenTTD. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/**
+ * @file safeguards.h A number of safeguards to prevent using unsafe methods.
+ *
+ * Unsafe methods are, for example, strndup and strncpy because they may leave the
+ * string without a null termination, but also strdup and strndup because they can
+ * return NULL and then all strdups would need to be guarded against that instead
+ * of using the current MallocT/ReallocT/CallocT technique of just giving the user
+ * an error that too much memory was used instead of spreading that code though
+ * the whole code base.
+ */
+
+#ifndef SAFEGUARDS_H
+#define SAFEGUARDS_H
+
+/* Use MallocT instead. */
+#define malloc SAFEGUARD_DO_NOT_USE_THIS_METHOD
+
+/* Use MallocT instead. */
+#define calloc SAFEGUARD_DO_NOT_USE_THIS_METHOD
+
+/* Use ReallocT instead. */
+#define realloc SAFEGUARD_DO_NOT_USE_THIS_METHOD
+
+/* Use stredup instead. */
+//#define strdup SAFEGUARD_DO_NOT_USE_THIS_METHOD
+
+/* Use stredup instead. */
+//#define strndup SAFEGUARD_DO_NOT_USE_THIS_METHOD
+
+/* Use strecpy instead. */
+//#define strcpy SAFEGUARD_DO_NOT_USE_THIS_METHOD
+//#define strncpy SAFEGUARD_DO_NOT_USE_THIS_METHOD
+
+/* Use strecat instead. */
+//#define strcat SAFEGUARD_DO_NOT_USE_THIS_METHOD
+//#define strncat SAFEGUARD_DO_NOT_USE_THIS_METHOD
+
+/* Use seprintf instead. */
+//#define sprintf SAFEGUARD_DO_NOT_USE_THIS_METHOD
+//#define snprintf SAFEGUARD_DO_NOT_USE_THIS_METHOD
+
+/* Use vseprintf instead. */
+//#define vsprintf SAFEGUARD_DO_NOT_USE_THIS_METHOD
+//#define vsnprintf SAFEGUARD_DO_NOT_USE_THIS_METHOD
+
+/* Use fgets instead. */
+#define gets SAFEGUARD_DO_NOT_USE_THIS_METHOD
+
+/* No clear replacement. */
+//#define strtok SAFEGUARD_DO_NOT_USE_THIS_METHOD
+
+/*
+ * Possible future methods to mark unsafe, though needs more thought:
+ * - memcpy; when memory area overlaps it messes up, use memmove.
+ * - strlen: when the data is 'garbage', this could read beyond bounds.
+ */
+
+#endif /* SAFEGUARDS_H */
|
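Review bot: The `#define malloc`, `calloc`, `realloc` and `gets` lines are object-like macros on identifiers that the standard headers themselves declare, so if this header is reached before `<stdlib.h>`/`<cstdlib>` or `<stdio.h>` the rewrite fires on the prototypes too (`void *malloc(size_t)` becomes `void *SAFEGUARD_DO_NOT_USE_THIS_METHOD(size_t)`), and defining a macro with the name of a standard library function while that library's header is in scope is undefined behavior under C11 7.1.3; the new file says nothing about this. I would make the contract explicit in the `@file` comment, e.g. `* This header must be the last include of a translation unit, after every system and project header that declares the functions below; including it earlier breaks or silently renames their prototypes.` The same comment's justification for strndup is off: strndup always NUL-terminates its result (only strncpy does not), so its entry should rest on the NULL return alone. Whether the include-last rule already holds at every call site is outside this hunk, so I am inferring that from the macro form rather than seeing it.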