[PATCH] Fix building with glibc-2.16.6
From: Petr Písař
Subject: [PATCH] Fix building with glibc-2.16.6
Date: Thu, 2 Aug 2012 18:03:07 +0200
Ported to sharutils-4.11.1 from gnulib commit:
>From 66712c23388e93e5c518ebc8515140fa0c807348 Mon Sep 17 00:00:00 2001
From: Eric Blake <address@hidden>
Date: Thu, 29 Mar 2012 13:30:41 -0600
Subject: [PATCH] stdio: don't assume gets any more
Gnulib intentionally does not have a gets module, and now that C11
and glibc have dropped it, we should be more proactive about warning
any user on a platform that still has a declaration of this dangerous
interface.
---
lib/stdio.in.h | 12 +++++++-----
m4/stdio_h.m4 | 4 ++--
m4/warn-on-use.m4 | 4 ++--
3 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/lib/stdio.in.h b/lib/stdio.in.h
index 57e93ba..6ab9c8b 100644
--- a/lib/stdio.in.h
+++ b/lib/stdio.in.h
@@ -176,10 +176,12 @@ _GL_WARN_ON_USE (fflush, "fflush is not always POSIX
compliant - "
#endif
/* It is very rare that the developer ever has full control of stdin,
- so any use of gets warrants an unconditional warning. Assume it is
- always declared, since it is required by C89. */
+ so any use of gets warrants an unconditional warning; besides, C11
+ removed it. */
#undef gets
+#if HAVE_RAW_DECL_GETS
_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
+#endif
#if @GNULIB_FOPEN@
# if @REPLACE_FOPEN@
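Review bot: The new "#if HAVE_RAW_DECL_GETS" guard around _GL_WARN_ON_USE (gets, ...) is only true when configure has run the gets check that this patch adds to gl_WARN_ON_USE_PREPARE in m4/stdio_h.m4, so in this sharutils port the generated configure has to be rebuilt from the patched m4 files. If it is not, the macro stays undefined and the gets warning silently disappears even on platforms that still declare gets. The rewritten comment could also say in one clause why the guard is there (the declaration can no longer be assumed), since the old sentence that explained the unconditional use was removed.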
@@ -902,9 +904,9 @@ _GL_WARN_ON_USE (snprintf, "snprintf is unportable - "
# endif
#endif
-/* Some people would argue that sprintf should be handled like gets
- (for example, OpenBSD issues a link warning for both functions),
- since both can cause security holes due to buffer overruns.
+/* Some people would argue that all sprintf uses should be warned about
+ (for example, OpenBSD issues a link warning for it),
+ since it can cause security holes due to buffer overruns.
However, we believe that sprintf can be used safely, and is more
efficient than snprintf in those safe cases; and as proof of our
belief, we use sprintf in several gnulib modules. So this header
diff --git a/m4/stdio_h.m4 b/m4/stdio_h.m4
index 7f3ae56..990c616 100644
--- a/m4/stdio_h.m4
+++ b/m4/stdio_h.m4
@@ -34,9 +34,9 @@ AC_DEFUN([gl_STDIO_H],
dnl Check for declarations of anything we want to poison if the
dnl corresponding gnulib module is not in use, and which is not
- dnl guaranteed by C89.
+ dnl guaranteed by both C89 and C11.
gl_WARN_ON_USE_PREPARE([[#include <stdio.h>
- ]], [dprintf fpurge fseeko ftello getdelim getline popen renameat
+ ]], [dprintf fpurge fseeko ftello getdelim getline gets popen renameat
snprintf tmpfile vdprintf vsnprintf])
])
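Review bot: The reworded dnl comment, "which is not guaranteed by both C89 and C11", is ambiguous: it can be read as "guaranteed by neither", while the intent (gets is in C89 but not in C11) is "not guaranteed by every one of them". Using the same phrasing as the m4/warn-on-use.m4 hunk, for example "not guaranteed by the intersection of C89 and C11", would make the two comments agree and explain why gets now appears in the list.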
diff --git a/m4/warn-on-use.m4 b/m4/warn-on-use.m4
index e0d0f27..4b07efb 100644
--- a/m4/warn-on-use.m4
+++ b/m4/warn-on-use.m4
@@ -18,8 +18,8 @@ dnl with or without modifications, as long as this notice is
preserved.
# some systems declare functions in the wrong header, then INCLUDES
# should do likewise.
#
-# If you assume C89, then it is generally safe to assume declarations
-# for functions declared in that standard (such as gets) without
+# It is generally safe to assume declarations for functions declared
+# in the intersection of C89 and C11 (such as printf) without
# needing gl_WARN_ON_USE_PREPARE.
AC_DEFUN([gl_WARN_ON_USE_PREPARE],
[
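Review bot: The rewritten comment above gl_WARN_ON_USE_PREPARE replaces gets with printf as the example but no longer tells the reader that gets itself now needs the check. A short addition such as "(gets, which C11 removed, does need it)" would keep anyone who relied on the old wording from assuming gets is still covered without gl_WARN_ON_USE_PREPARE.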
--
1.7.11.2