GitHub - leafsr/gcc-poison: gcc-poison
gcc-poison
gcc-poison is a simple header file for developers to ban unsafe C/C++ functions from applications. It uses the #pragma GCC poison directive to define a number of identifiers (function names) as unsafe. Compilation will fail if these are present in your code.
Please see http://blog.leafsr.com/2013/12/gcc-poison.html for more information.
Example usage
    #include <stdio.h>
    #include <string.h>
    #include "gcc-poison.h"
    int main(int argc, char *argv[]) {
        char buf[10];
        strcpy(buf, argv[1]);
        return 0;
    }

    $ gcc -o 2 2.c
    1.c: In function ‘main’:
    1.c:8:2: error: attempt to use poisoned "strcpy"
Excluding specific functions from poisoning
As pointed out in the GCC documentation (http://gcc.gnu.org/onlinedocs/cpp/Pragmas.html), "If a poisoned identifier appears as part of the expansion of a macro which was defined before the identifier was poisoned, it will not cause an error. This lets you poison an identifier without worrying about system headers defining macros that use it."
Here is an example of how to use gcc-poison.h but continue to allow the usage of the 'strcat' function, via a macro:
    #include <string.h>
    /* the alias must be defined before gcc-poison.h is included */
    #define _unsafe_strcat strcat
    #include "gcc-poison.h"
    int main(void)
    {
        char x[512] = "";
        /* this will raise an error */
        strcat((char *)&x, "lol");
        /* ... while this will NOT raise an error */
        _unsafe_strcat((char *)&x, "lol");
        return 0;
    }
Note that you must define any such macros BEFORE you include gcc-poison.h. This can be a handy way to allow developers to continue to use certain functions for which libc has no safe alternative, while forcing them to acknowledge that they are doing so unsafely.
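The following is an added example, not code from the gcc-poison repository, showing one way to keep such an escape hatch reviewable: the pre-poison alias is used in exactly one bounds-checked wrapper. The names `audited_strcat`, `bounded_append` and `SHOW_POISON_ERROR` are hypothetical, and an inline `#pragma GCC poison` stands in for including gcc-poison.h so the file builds on its own.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Escape hatch: defined BEFORE poisoning, so its expansion is still allowed. */
#define audited_strcat strcat

/* Stand-in for including gcc-poison.h (assumption: only these two
 * identifiers are poisoned here; the real header bans many more). */
#pragma GCC poison strcpy strcat

/* Hypothetical wrapper: the single reviewed place where the alias is used.
 * Returns 0 on success, -1 if dst is unterminated or src does not fit. */
int bounded_append(char *dst, size_t dst_size, const char *src)
{
    const char *end = memchr(dst, '\0', dst_size);
    if (end == NULL)
        return -1;                      /* no terminator inside the buffer */

    size_t used = (size_t)(end - dst);
    size_t room = dst_size - used - 1;  /* bytes left, excluding the NUL */
    if (strlen(src) > room)
        return -1;                      /* would overflow: refuse, never truncate */

    audited_strcat(dst, src);           /* expands to the libc call, no error */
    return 0;
}

#ifdef SHOW_POISON_ERROR
/* Build with -DSHOW_POISON_ERROR to see a direct call rejected at compile time. */
void direct_call(char *dst) { strcat(dst, "x"); }
#endif

int main(void)
{
    char buf[8] = "abc";                /* constructed sample input */
    int ok  = bounded_append(buf, sizeof buf, "defg");  /* 7 chars + NUL: fits */
    int bad = bounded_append(buf, sizeof buf, "h");     /* one byte too many */
    printf("%d %d %s\n", ok, bad, buf);
    return 0;
}
```

Grepping for `audited_strcat` then lists every remaining use of the banned function, which is the acknowledgement the macro approach is meant to force.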