From 2f72ad44fca689d3e0f4574e59e551443c406717 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 27 Jul 2020 14:28:37 +0200 Subject: [PATCH] checksrc: ban gmtime/localtime They're not thread-safe so they should not be used in libcurl code. Explictly enabled when deemed necessary and in examples and tests Reviewed-by: Nicolas Sterchele Closes #5732 --- docs/examples/.checksrc | 1 + lib/checksrc.pl | 3 ++- lib/parsedate.c | 3 ++- src/tool_cb_dbg.c | 3 ++- tests/libtest/.checksrc | 1 + tests/server/util.c | 1 + 6 files changed, 9 insertions(+), 3 deletions(-) diff --git a/docs/examples/.checksrc b/docs/examples/.checksrc index c45678aae..dea90aaa1 100644 --- a/docs/examples/.checksrc +++ b/docs/examples/.checksrc @@ -1,2 +1,3 @@ disable TYPEDEFSTRUCT disable SNPRINTF +disable BANNEDFUNC diff --git a/lib/checksrc.pl b/lib/checksrc.pl index 97b8f9e1d..498da94bb 100755 --- a/lib/checksrc.pl +++ b/lib/checksrc.pl @@ -592,7 +592,8 @@ sub scanfile { # scan for use of banned functions if($l =~ /^(.*\W) - (gets| + (gmtime|localtime| + gets| strtok| v?sprintf| (str|_mbs|_tcs|_wcs)n?cat| diff --git a/lib/parsedate.c b/lib/parsedate.c index 585d7ea40..4c7a40c4c 100644 --- a/lib/parsedate.c +++ b/lib/parsedate.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -624,6 +624,7 @@ CURLcode Curl_gmtime(time_t intime, struct tm *store) /* thread-safe version */ tm = (struct tm *)gmtime_r(&intime, store); #else + /* !checksrc! disable BANNEDFUNC 1 */ tm = gmtime(&intime); if(tm) *store = *tm; /* copy the pointed struct to the local copy */ diff --git a/src/tool_cb_dbg.c b/src/tool_cb_dbg.c index bb8c2635b..1c42db8a5 100644 --- a/src/tool_cb_dbg.c +++ b/src/tool_cb_dbg.c 
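Review bot: The `disable BANNEDFUNC` line added to docs/examples/.checksrc switches the whole check off for every example file, which silences far more than the gmtime/localtime ban this commit introduces. Judging by the lib/checksrc.pl hunk in this same patch, that check appears to be the one that also rejects `gets`, `strtok`, `sprintf` and the `strcat` family, and example code is what users copy into their own programs. A narrower option is the per-line form the commit already uses in lib/ and src/, `/* !checksrc! disable BANNEDFUNC 1 */`, placed directly above each gmtime/localtime call in the examples. The same applies to the identical line added to tests/libtest/.checksrc.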
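Review bot: The alternation in scanfile gains `gmtime|localtime` but leaves out `asctime` and `ctime`, which return pointers into shared static storage in the same way and so have the same thread-safety problem the commit message cites. If no existing libcurl code depends on them, the first added line could read `(gmtime|localtime|asctime|ctime|`. The rest of the pattern lies outside the hunk, so whether `gmtime_r(` and `localtime_r(` remain allowed depends on what follows the group. That is worth confirming with a test line.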
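Review bot: The suppression added in the `#else` branch of Curl_gmtime carries no rationale, yet this is the one place in lib/ where the commit keeps the banned call. `gmtime()` returns a pointer to shared static storage, so another thread calling it between the call and the `*store = *tm` copy can still change the result. The copy narrows that window but does not close it. I would state this directly above the existing `/* !checksrc! disable BANNEDFUNC 1 */` line, for example `/* no gmtime_r() here: gmtime() uses a static buffer, so the copy below can race with other threads */`. The `#if` condition and the rest of Curl_gmtime are outside the hunk.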
@@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -65,6 +65,7 @@ int tool_debug_cb(CURL *handle, curl_infotype type, known_offset = 1; } secs = epoch_offset + tv.tv_sec; + /* !checksrc! disable BANNEDFUNC 1 */ now = localtime(&secs); /* not thread safe but we don't care */ msnprintf(timebuf, sizeof(timebuf), "%02d:%02d:%02d.%06ld ", now->tm_hour, now->tm_min, now->tm_sec, (long)tv.tv_usec); diff --git a/tests/libtest/.checksrc b/tests/libtest/.checksrc index 24677d53e..37f790952 100644 --- a/tests/libtest/.checksrc +++ b/tests/libtest/.checksrc @@ -1 +1,2 @@ disable TYPEDEFSTRUCT +disable BANNEDFUNC diff --git a/tests/server/util.c b/tests/server/util.c index 8e76f0c9b..dccce596b 100644 --- a/tests/server/util.c +++ b/tests/server/util.c @@ -119,6 +119,7 @@ void logmsg(const char *msg, ...) known_offset = 1; } sec = epoch_offset + tv.tv_sec; + /* !checksrc! disable BANNEDFUNC 1 */ now = localtime(&sec); /* not thread safe but we don't care */ msnprintf(timebuf, sizeof(timebuf), "%02d:%02d:%02d.%06ld",
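Review bot: `localtime()` can return NULL, and in tool_debug_cb the context lines right after the new suppression dereference `now` unconditionally in the `msnprintf()` call (`now->tm_hour`, `now->tm_min`, `now->tm_sec`). `secs` is computed as `epoch_offset + tv.tv_sec`, so a value that cannot be converted to a calendar time would crash the tool while it formats a trace timestamp. A guard such as `if(now) msnprintf(...); else timebuf[0] = 0;` would keep the trace output going without the timestamp. logmsg() in tests/server/util.c follows the same call pattern, though its msnprintf arguments fall outside that hunk, and tool_debug_cb itself starts and ends outside this one.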