On Sat, 2023-04-01 at 22:41 +0530, Rajeev Bansal via Gcc-help wrote:
> Hi All,
>
> I am looking for if gcc has the capability to report unsafe/insecure
> functions used in a C Or CPP program? For example : if strcpy(), strcat(),
> alloca(), atoi() etc. are used in a program then gcc should raise a
> warning.
If most people believe they are dangerous, they will be marked with
__attribute__((deprecated)) in libc headers. Then GCC will emit a
warning with -Wdeprecated (enabled by default).
But libc is not a part of GCC. And before you start to wonder: no, a
patch deprecating these function will be rejected, please do not send
such a patch to libc-alpha.
There are still many valid uses of these functions and you cannot
deprecate them just because your will. "I think it's dangerous" is
different from "the function is inherently dangerous" or "most people
think it's dangerous".
If you don't want those functions in your project, you can create some
wrappers like:
__attribute__((deprecated)) static inline char *
_strcpy_do_not_use (char *dest, const char *src)
{
return strcpy (dest, src);
}
#define strcpy _strcpy_do_not_use
--
Xi Ruoyao <xry111@xxxxxxxxxxx>
School of Aerospace Science and Technology, Xidian University
