Djam/arm-trusted-firmware
1
0
Fork 0
mirror of https://github.com/ARM-software/arm-trusted-firmware.git synced 2025-04-26 14:55:16 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge changes from topic "banned_api_list" into integration

Browse source 
* changes:
  Fix the License header template in imx_aipstz.c
  docs: Add the list of banned/use with caution APIs
This commit is contained in:
Soby Mathew 2019-07-01 13:21:23 +00:00 committed by TrustedFirmware Code Review
commit 0d220b3519
2 changed files with 37 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
docs/process/coding-guidelines.rst
View file

@ -263,6 +263,41 @@ a warning for this.
Existing typedefs will be retained for compatibility. Existing typedefs will be retained for compatibility.
Libc functions that are banned or to be used with caution
---------------------------------------------------------
Below is a list of functions that present security risks and either must not be
used (Banned) or are discouraged from use and must be used with care (Caution).
+------------------------+-----------+--------------------------------------+
| libc function | Status | Comments |
+========================+===========+======================================+
| ``strcpy, wcscpy`` | Banned | use strlcpy instead |
| ``strncpy`` | | |
+------------------------+-----------+--------------------------------------+
| ``strcat, wcscat`` | Banned | use strlcat instead |
| ``strncat`` | | |
+----------------------- +-----------+--------------------------------------+
| ``sprintf, vsprintf`` | Banned | use snprintf, vsnprintf |
| | | instead |
+---------------------- -+-----------+--------------------------------------+
| ``snprintf`` | Caution | ensure result fits in buffer |
| | | i.e : snprintf(buf,size...) < size |
+------------------------+-----------+--------------------------------------+
| ``vsnprintf`` | Caution | inspect va_list match types |
| | | specified in format string |
+------------------------+-----------+--------------------------------------+
| ``strtok`` | Banned | use strtok_r or strsep instead |
+------------------------+-----------+--------------------------------------+
| ``strtok_r, strsep`` | Caution | inspect for terminated input buffer |
+------------------------+-----------+--------------------------------------+
| ``ato*`` | Banned | use equivalent strto* functions |
+------------------------+-----------+--------------------------------------+
| ``*toa`` | Banned | Use snprintf instead |
+------------------------+-----------+--------------------------------------+
The `libc` component in the codebase will not add support for the banned APIs.
Error handling and robustness Error handling and robustness
----------------------------- -----------------------------

4
plat/imx/imx8m/imx_aipstz.c
View file

@ -1,7 +1,7 @@
/* /*
* copyright (c) 2019, arm limited and contributors. all rights reserved. * Copyright (c) 2019, Arm Limited and Contributors. All rights reserved.
* *
* spdx-license-identifier: bsd-3-clause * SPDX-License-Identifier: BSD-3-Clause
*/ */
#include <lib/mmio.h> #include <lib/mmio.h>