`strtok_r()` is reentrant, but `strtok()` is not, meaning that using it is not thread-safe. `strtok()` has a couple of drawbacks that make it undesirable to have any new instances. In addition to being thread-unsafe, it also encourages confusing data flows, where `strtok()` may be called from multiple functions with its first argument as NULL, making it unclear from the immediate context which string is being tokenized. Now that we have removed all instances of `strtok()` from the tree, let's ban `strtok()` to avoid introducing new ones in the future. If new callers should arise, they can either use: - `string_list_split_in_place()`, - `string_list_split_in_place_multi()`, or - `strtok_r()`. Callers are encouraged to use either of the string_list functions when appropriate over `strtok_r()`, since the latter suffers from the same confusing data-flow problem as `strtok()` does. But callers may prefer `strtok_r()` when the number of tokens in a given string is unknown, and they want to split and process them one at a time, so `strtok_r()` is left off the banned.h list. Signed-off-by: Taylor Blau <me@xxxxxxxxxxxx> --- banned.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/banned.h b/banned.h index 6ccf46bc19..dd43ab3178 100644 --- a/banned.h +++ b/banned.h @@ -18,6 +18,8 @@ #define strncpy(x,y,n) BANNED(strncpy) #undef strncat #define strncat(x,y,n) BANNED(strncat) +#undef strtok +#define strtok(x,y) BANNED(strtok) #undef sprintf #undef vsprintf -- 2.40.0.358.g56d2318a6d
