1 This patch is needed to allow builds with newer versions of
5 commit 66712c23388e93e5c518ebc8515140fa0c807348
6 Author: Eric Blake <eblake@redhat.com>
7 Date: Thu Mar 29 13:30:41 2012 -0600
9 stdio: don't assume gets any more
11 Gnulib intentionally does not have a gets module, and now that C11
12 and glibc have dropped it, we should be more proactive about warning
13 any user on a platform that still has a declaration of this dangerous
16 * m4/stdio_h.m4 (gl_STDIO_H, gl_STDIO_H_DEFAULTS): Drop gets
18 * modules/stdio (Makefile.am): Likewise.
19 * lib/stdio-read.c (gets): Likewise.
20 * tests/test-stdio-c++.cc: Likewise.
21 * m4/warn-on-use.m4 (gl_WARN_ON_USE_PREPARE): Fix comment.
22 * lib/stdio.in.h (gets): Make warning occur in more places.
23 * doc/posix-functions/gets.texi (gets): Update documentation.
24 Reported by Christer Solskogen.
26 Signed-off-by: Eric Blake <eblake@redhat.com>
28 diff --git a/lib/stdio.in.h b/lib/stdio.in.h
29 index aa7b599..c377b6e 100644
32 @@ -698,22 +698,11 @@ _GL_WARN_ON_USE (getline, "getline is unportable - "
37 -# if @REPLACE_STDIO_READ_FUNCS@ && @GNULIB_STDIO_H_NONBLOCKING@
38 -# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
40 -# define gets rpl_gets
42 -_GL_FUNCDECL_RPL (gets, char *, (char *s) _GL_ARG_NONNULL ((1)));
43 -_GL_CXXALIAS_RPL (gets, char *, (char *s));
45 -_GL_CXXALIAS_SYS (gets, char *, (char *s));
48 -_GL_CXXALIASWARN (gets);
49 /* It is very rare that the developer ever has full control of stdin,
50 - so any use of gets warrants an unconditional warning. Assume it is
51 - always declared, since it is required by C89. */
52 + so any use of gets warrants an unconditional warning; besides, C11
55 +#if HAVE_RAW_DECL_GETS
56 _GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
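Review bot: The comment above the new `#if HAVE_RAW_DECL_GETS` still describes an "unconditional warning", but the `_GL_WARN_ON_USE (gets, ...)` line is now compiled only when that macro is non-zero. An undefined macro evaluates to 0 in `#if`, so if the configure-time declaration check that presumably sets HAVE_RAW_DECL_GETS is skipped or fails, the "gets is a security hole" warning is dropped with no diagnostic from this header. I would say so in the comment, for example `/* Warn wherever the platform still declares gets; where it does not, a call has no prototype and the compiler's own diagnostic is the only signal. */`. The remainder of the comment and the closing `#endif` are not visible in this view, so part of this may already be covered there.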
59 @@ -1053,9 +1042,9 @@ _GL_WARN_ON_USE (snprintf, "snprintf is unportable - "
63 -/* Some people would argue that sprintf should be handled like gets
64 - (for example, OpenBSD issues a link warning for both functions),
65 - since both can cause security holes due to buffer overruns.
66 +/* Some people would argue that all sprintf uses should be warned about
67 + (for example, OpenBSD issues a link warning for it),
68 + since it can cause security holes due to buffer overruns.
69 However, we believe that sprintf can be used safely, and is more
70 efficient than snprintf in those safe cases; and as proof of our
71 belief, we use sprintf in several gnulib modules. So this header