diff --git a/src/safeguards.h b/src/safeguards.h index 02da05b918..09cfe9a919 100644 --- a/src/safeguards.h +++ b/src/safeguards.h @@ -40,7 +40,7 @@ #define strcat SAFEGUARD_DO_NOT_USE_THIS_METHOD #define strncat SAFEGUARD_DO_NOT_USE_THIS_METHOD -/* Use seprintf instead. */ +/* Use fmt::format instead. */ #define sprintf SAFEGUARD_DO_NOT_USE_THIS_METHOD #define snprintf SAFEGUARD_DO_NOT_USE_THIS_METHOD diff --git a/src/stdafx.h b/src/stdafx.h index 4056af22a7..ea90c310b0 100644 --- a/src/stdafx.h +++ b/src/stdafx.h @@ -90,10 +90,6 @@ #if defined(__GNUC__) || (defined(__clang__) && !defined(_MSC_VER)) # define NORETURN __attribute__ ((noreturn)) # define CDECL -# define __int64 long long - /* Warn about functions using 'printf' format syntax. First argument determines which parameter - * is the format string, second argument is start of values passed to printf. */ -# define WARN_FORMAT(string, args) __attribute__ ((format (printf, string, args))) # if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 7) # define FINAL final # else @@ -128,7 +124,6 @@ #if defined(__WATCOMC__) # define NORETURN # define CDECL -# define WARN_FORMAT(string, args) # define FINAL # define FALLTHROUGH # include @@ -170,7 +165,6 @@ # endif # define CDECL _cdecl -# define WARN_FORMAT(string, args) # define FINAL final /* fallthrough attribute, VS 2017 */ diff --git a/src/string.cpp b/src/string.cpp index 800efecb22..4795a226e7 100644 --- a/src/string.cpp +++ b/src/string.cpp @@ -21,7 +21,6 @@ #include #ifdef _MSC_VER -# include // required by vsnprintf implementation for MSVC # define strncasecmp strnicmp #endif @@ -44,10 +43,7 @@ # include "os/macosx/string_osx.h" #endif -/* The function vsnprintf is used internally to perform the required formatting - * tasks. As such this one must be allowed, and makes sure it's terminated. */ #include "safeguards.h" -#undef vsnprintf /** @@ -455,67 +451,6 @@ bool IsValidChar(WChar key, CharSetFilter afilter) } } -#ifdef _WIN32 -#if defined(_MSC_VER) && _MSC_VER < 1900 -/** - * Almost POSIX compliant implementation of \c vsnprintf for VC compiler. - * The difference is in the value returned on output truncation. This - * implementation returns size whereas a POSIX implementation returns - * size or more (the number of bytes that would be written to str - * had size been sufficiently large excluding the terminating null byte). - */ -int CDECL vsnprintf(char *str, size_t size, const char *format, va_list ap) -{ - if (size == 0) return 0; - - errno = 0; - int ret = _vsnprintf(str, size, format, ap); - - if (ret < 0) { - if (errno != ERANGE) { - /* There's a formatting error, better get that looked - * at properly instead of ignoring it. */ - NOT_REACHED(); - } - } else if ((size_t)ret < size) { - /* The buffer is big enough for the number of - * characters stored (excluding null), i.e. - * the string has been null-terminated. */ - return ret; - } - - /* The buffer is too small for _vsnprintf to write the - * null-terminator at its end and return size. */ - str[size - 1] = '\0'; - return (int)size; -} -#endif /* _MSC_VER */ - -#endif /* _WIN32 */ - -/** - * Safer implementation of snprintf; same as snprintf except: - * - last instead of size, i.e. replace sizeof with lastof. - * - return gives the amount of characters added, not what it would add. - * @param str buffer to write to up to last - * @param last last character we may write to - * @param format the formatting (see snprintf) - * @return the number of added characters - */ -int CDECL seprintf(char *str, const char *last, const char *format, ...) -{ - ptrdiff_t diff = last - str; - if (diff < 0) return 0; - - va_list ap; - - va_start(ap, format); - int ret = std::min(static_cast(diff), vsnprintf(str, diff + 1, format, ap)); - - va_end(ap); - return ret; -} - /* UTF-8 handling routines */ diff --git a/src/string_func.h b/src/string_func.h index 517ced814d..62f472d26f 100644 --- a/src/string_func.h +++ b/src/string_func.h @@ -7,18 +7,6 @@ /** * @file string_func.h Functions related to low-level strings. - * - * @note Be aware of "dangerous" string functions; string functions that - * have behaviour that could easily cause buffer overruns and such: - * - strncpy: does not '\0' terminate when input string is longer than - * the size of the output string. Use strecpy instead. - * - [v]snprintf: returns the length of the string as it would be written - * when the output is large enough, so it can be more than the size of - * the buffer and than can underflow size_t (uint-ish) which makes all - * subsequent snprintf alikes write outside of the buffer. Use - * [v]seprintf instead; it will return the number of bytes actually - * added so no [v]seprintf will cause outside of bounds writes. - * - [v]sprintf: does not bounds checking: use [v]seprintf instead. */ #ifndef STRING_FUNC_H @@ -33,8 +21,6 @@ char *strecpy(char *dst, const char *src, const char *last) NOACCESS(3); char *stredup(const char *src, const char *last = nullptr) NOACCESS(2); -int CDECL seprintf(char *str, const char *last, const char *format, ...) WARN_FORMAT(3, 4) NOACCESS(2); - std::string FormatArrayAsHex(span data); void StrMakeValidInPlace(char *str, const char *last, StringValidationSettings settings = SVS_REPLACE_WITH_QUESTION_MARK) NOACCESS(2);