Message-ID: <1f13d81fd5b026e75254f2988f9296875e4aa0f2.camel@xry111.site>
Subject: Re: Warning for unsafe/insecure functions
From: Xi Ruoyao
To: Rajeev Bansal
Cc: gcc-help
Date: Sun, 02 Apr 2023 02:50:21 +0800
References: <6dc16e33-647e-5bf5-4025-3e10141aaa66@jguk.org>

On Sat, 2023-04-01 at 22:41 +0530, Rajeev Bansal via Gcc-help wrote:
> Hi All,
>
>   I am looking for if gcc has the capability to report unsafe/insecure
> functions used in a C or CPP program? For example: if strcpy(), strcat(),
> alloca(), atoi() etc. are used in a program then gcc should raise a
> warning.

If most people believe they are dangerous, they will be marked with
__attribute__((deprecated)) in libc headers.  Then GCC will emit a
warning with -Wdeprecated (enabled by default).  But libc is not a part
of GCC.

And before you start to wonder: no, a patch deprecating these functions
will be rejected, please do not send such a patch to libc-alpha.  There
are still many valid uses of these functions and you cannot deprecate
them just because of your will.  "I think it's dangerous" is different from
"the function is inherently dangerous" or "most people think it's
dangerous".

If you don't want those functions in your project, you can create some
wrappers like:

#include <string.h>

/* Defined before the macro below, so this call still reaches the real
   strcpy().  */
__attribute__((deprecated))
static inline char *
_strcpy_do_not_use (char *dest, const char *src)
{
  return strcpy (dest, src);
}

/* From here on, every use of strcpy in the project warns.  */
#define strcpy _strcpy_do_not_use

-- 
Xi Ruoyao
School of Aerospace Science and Technology, Xidian University
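
An added example, not part of the original message and not GCC or glibc code: the wrapper technique from the reply applied to two of the functions named in the question, next to replacements a project header might offer its callers. The names strcpy_do_not_use, atoi_do_not_use, copy_bounded and parse_int are assumptions made for this example.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Defined before the macros below, so these still call the real libc. */
__attribute__((deprecated("use copy_bounded()")))
static inline char *strcpy_do_not_use(char *d, const char *s) { return strcpy(d, s); }
__attribute__((deprecated("use parse_int()")))
static inline int atoi_do_not_use(const char *s) { return atoi(s); }

/* From here on, any call to the banned names warns at compile time. */
#define strcpy strcpy_do_not_use
#define atoi   atoi_do_not_use

/* Assumed replacement: copies at most cap-1 bytes and always terminates.
   Returns 0 on success, -1 if src was truncated or cap is 0. */
static int copy_bounded(char *dest, size_t cap, const char *src)
{
    if (cap == 0)
        return -1;
    size_t len = strlen(src);
    size_t n = len < cap ? len : cap - 1;
    memcpy(dest, src, n);
    dest[n] = '\0';
    return len < cap ? 0 : -1;
}

/* Assumed replacement: unlike atoi(), rejects empty input, trailing
   characters and out-of-range values. Returns 0 on success, -1 on error. */
static int parse_int(const char *s, int *out)
{
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE || v < INT_MIN || v > INT_MAX)
        return -1;
    *out = (int)v;
    return 0;
}

int main(void)
{
    char buf[8];
    int port = 0;
    int ok = copy_bounded(buf, sizeof buf, "gcc") == 0 && parse_int("8080", &port) == 0;
    return ok && port == 8080 ? 0 : 1;
}
```

Building with -Werror=deprecated-declarations turns any remaining call to the banned names into a hard error instead of a warning.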