author | Soby Mathew <soby.mathew@arm.com> | 2019-07-01 13:21:23 +0000 |
---|---|---|
committer | TrustedFirmware Code Review <review@review.trustedfirmware.org> | 2019-07-01 13:21:23 +0000 |
commit | 0d220b3519264f6a25139ce734dc8b6d1cc4428f (patch) | |
tree | 3ed604697abd71ff38c964e876eeb145f40b580d /docs | |
parent | 39c92b6271f4bde4e84f2459dbc18228cedd7825 (diff) | |
parent | 2aca35fd9b37f6c2482f8d807267400d18d17830 (diff) |
Merge changes from topic "banned_api_list" into integration
* changes:
Fix the License header template in imx_aipstz.c
docs: Add the list of banned/use with caution APIs
Diffstat (limited to 'docs')
-rw-r--r-- | docs/process/coding-guidelines.rst | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/docs/process/coding-guidelines.rst b/docs/process/coding-guidelines.rst index d524d733..093d66be 100644 --- a/docs/process/coding-guidelines.rst +++ b/docs/process/coding-guidelines.rst 
@@ -263,6 +263,41 @@ a warning for this. Existing typedefs will be retained for compatibility. +Libc functions that are banned or to be used with caution +--------------------------------------------------------- + +Below is a list of functions that present security risks and either must not be +used (Banned) or are discouraged from use and must be used with care (Caution). + ++------------------------+-----------+--------------------------------------+ +| libc function | Status | Comments | ++========================+===========+======================================+ +| ``strcpy, wcscpy`` | Banned | use strlcpy instead | +| ``strncpy`` | | | ++------------------------+-----------+--------------------------------------+ +| ``strcat, wcscat`` | Banned | use strlcat instead | +| ``strncat`` | | | ++----------------------- +-----------+--------------------------------------+ +| ``sprintf, vsprintf`` | Banned | use snprintf, vsnprintf | +| | | instead | ++---------------------- -+-----------+--------------------------------------+ +| ``snprintf`` | Caution | ensure result fits in buffer | +| | | i.e : snprintf(buf,size...) 
< size | ++------------------------+-----------+--------------------------------------+ +| ``vsnprintf`` | Caution | inspect va_list match types | +| | | specified in format string | ++------------------------+-----------+--------------------------------------+ +| ``strtok`` | Banned | use strtok_r or strsep instead | ++------------------------+-----------+--------------------------------------+ +| ``strtok_r, strsep`` | Caution | inspect for terminated input buffer | ++------------------------+-----------+--------------------------------------+ +| ``ato*`` | Banned | use equivalent strto* functions | ++------------------------+-----------+--------------------------------------+ +| ``*toa`` | Banned | Use snprintf instead | ++------------------------+-----------+--------------------------------------+ + +The `libc` component in the codebase will not add support for the banned APIs. + Error handling and robustness ----------------------------- |
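Review bot: Two border rows in the new grid table contain a stray space, `+----------------------- +-----------+` after the `strcat` entry and `+---------------------- -+-----------+` after the `sprintf` entry, so the column borders no longer line up and docutils is likely to reject the table as malformed; replace the space with `-` in both rows. In the closing sentence, `libc` is written with single backticks, which reST treats as interpreted text rather than an inline literal; use double backticks to match the table cells. The `snprintf` caution states the check as result < size; because snprintf returns a negative value on an output error, the guidance would be more complete if it asked for 0 <= result < size. The comment for `*toa` starts with a capital "Use" while every other row starts lower case.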