builds: Add Microsoft's SDL and banned API list (#148)

5 files changed, 169 insertions, 21 deletions

diff --git a/cmake/arm.cmake b/cmake/arm.cmake
index 29bf3a8..0d20e27 100644
--- a/cmake/arm.cmake
+++ b/cmake/arm.cmake
@@ -45,6 +45,7 @@
 SET(ARM_COMPILE_OPTIONS -nostdlib -nodefaultlibs
     -fomit-frame-pointer
     -fno-builtin
+    -include "${CMAKE_SOURCE_DIR}/include/banned.h"
     -target thumbv7-none-eabi -mcpu=cortex-m3 -mfloat-abi=soft)
 SET(ARM_LINK_OPTIONS --gc-sections)
 # SET(CMAKE_EXE_LINKER_FLAGS -static)
diff --git a/cmake/mips.cmake b/cmake/mips.cmake
index 2aaea77..17c2f7b 100644
--- a/cmake/mips.cmake
+++ b/cmake/mips.cmake
@@ -42,7 +42,12 @@
 ### @endcond
 ################################################################################
 
-SET(MIPS_COMPILE_OPTIONS -nostdlib -nodefaultlibs -fomit-frame-pointer -target mips -mcpu=mips2 )
+SET(MIPS_COMPILE_OPTIONS
+    -nostdlib -nodefaultlibs
+    $<$<NOT:$<COMPILE_LANGUAGE:ASM>>:-fomit-frame-pointer>  # Don't include for ASM sources
+    -target mips -mcpu=mips2
+    $<$<NOT:$<COMPILE_LANGUAGE:ASM>>:-include "${CMAKE_SOURCE_DIR}/include/banned.h">
+)
 SET(MIPS_LINK_OPTIONS --gc-sections)
 # SET(CMAKE_EXE_LINKER_FLAGS -static)
 
diff --git a/include/banned.h b/include/banned.h
new file mode 100644
index 0000000..e4b7911
--- /dev/null
+++ b/include/banned.h
@@ -0,0 +1,162 @@
+/***
+* banned.h - list of Microsoft Security Development Lifecycle (SDL) banned APIs
+* Copyright (c) Microsoft Corporation. All rights reserved.
+*
+* Permission is hereby granted, free of charge, to any person obtaining a copy of this software
+* and associated documentation files (the "Software"), to deal in the Software without 
+* restriction, including without limitation the rights to use, copy, modify, merge, publish, 
+* distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the
+* Software is furnished to do so, subject to the following conditions:
+*
+* The above copyright notice and this permission notice shall be included in all copies or 
+* substantial portions of the Software.
+*
+* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 
+* INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 
+* PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE
+* FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 
+* SOFTWARE.
+*
+* Purpose:
+*       This include file contains a list of banned APIs which should not be used in new code and 
+*       removed from legacy code over time.
+*
+* History
+* 01-Jan-2006 - mikehow  - Initial Version
+* 22-Apr-2008 - mikehow	 - Updated to SDL 4.1, commented out recommendations and added memcpy
+* 26-Jan-2009 - mikehow  - Updated to SDL 5.0, made the list sane, added SDL compliance levels
+* 10-Feb-2009 - mikehow  - Updated based on feedback from MS Office
+* 12-May-2009 - jpardue  - Added wmemcpy
+* 08-Jul-2009 - mikehow  - Fixed header #ifndef/#endif logic, made the SDL recommended compliance level name more obvious
+* 05-Nov-2009 - mikehow	 - Added vsnprintf (ANSI version of _vsnprintf)
+* 01-Jan-2010 - mikehow  - Added better strsafe integration, now the following works:
+*							#include "strsafe.h"
+*							#include "banned.h"
+* 04-Jun-2010 - mikehow  - Small "#if" bug fix
+* 16-Jun-2011 - mikehow	 - Added the two _CRT_SECURE_xxxxx macros
+* 07-Jul-2011 - mikehow  - Bugfix when using recommended banned functions and StrSafe. Locally surpressed C4005 warnings
+* 15-Jun-2012 - bryans   - Moved lstrlen to required banned; removed strlen, wcslen, _mbslen, _mbstrlen, StrLen from recommended banned
+* 01-Feb-2013 - martinwo - Added license to header
+* 09-Jan-2014 - mikehow  - Combined the current external and internal versions
+* 10-Feb-2015 - mikehow  - Added gcc/clang support (thanks to Ramsey Dow) 
+*                          Note that many of the APIs are Windows specific, however.
+* 18-May-2018 - mikehow  - Updated URL for info about the auto-migrate feature in VC++
+* 
+***/
+
+#ifndef _INC_BANNED
+#	define _INC_BANNED
+
+#	if defined(_MSC_VER)
+#		pragma once
+
+// Flip the 'auto-migrate' functionality in VC++
+// Some functions, such as strcpy() are changed to safer functions by the compiler
+// More info: https://docs.microsoft.com/en-us/cpp/c-runtime-library/secure-template-overloads
+#ifndef _SDL_DONT_AUTO_FIX
+
+#	pragma warning(push)
+#	pragma warning(disable: 4005) // Turns off macro redefinition warnings
+
+	// strcpy etc
+#	define _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES			(1)
+
+	// memcpy etc
+#	define _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES_MEMORY	(1)
+
+#	pragma warning(pop)
+
+#endif
+
+		// SDL 6.0 Requirements
+#		if defined(_STRSAFE_H_INCLUDED_) && !defined(STRSAFE_NO_DEPRECATE)
+
+			// Only deprecate what's not already deprecated by StrSafe
+#			pragma deprecated (_mbscpy, _mbccpy)
+#			pragma deprecated (strcatA, strcatW, _mbscat, StrCatBuff, StrCatBuffA, StrCatBuffW, StrCatChainW, _tccat, _mbccat)
+#			pragma deprecated (strncpy, wcsncpy, _tcsncpy, _mbsncpy, _mbsnbcpy, StrCpyN, StrCpyNA, StrCpyNW, StrNCpy, strcpynA, StrNCpyA, StrNCpyW, lstrcpyn, lstrcpynA, lstrcpynW)
+#			pragma deprecated (strncat, wcsncat, _tcsncat, _mbsncat, _mbsnbcat, lstrncat, lstrcatnA, lstrcatnW, lstrcatn)
+#			pragma deprecated (IsBadWritePtr, IsBadHugeWritePtr, IsBadReadPtr, IsBadHugeReadPtr, IsBadCodePtr, IsBadStringPtr)
+#			pragma deprecated (memcpy, RtlCopyMemory, CopyMemory, wmemcpy)
+#			pragma deprecated (lstrlen)
+
+#		else
+			// StrSafe not loaded, so deprecate everything!
+#			pragma deprecated (strcpy, strcpyA, strcpyW, wcscpy, _tcscpy, _mbscpy, StrCpy, StrCpyA, StrCpyW, lstrcpy, lstrcpyA, lstrcpyW, _tccpy, _mbccpy, _ftcscpy)
+#			pragma deprecated (strcat, strcatA, strcatW, wcscat, _tcscat, _mbscat, StrCat, StrCatA, StrCatW, lstrcat, lstrcatA, lstrcatW, StrCatBuff, StrCatBuffA, StrCatBuffW, StrCatChainW, _tccat, _mbccat, _ftcscat)
+#			pragma deprecated (sprintfW, sprintfA, wsprintf, wsprintfW, wsprintfA, sprintf, swprintf, _stprintf)
+#			pragma deprecated (wvsprintf, wvsprintfA, wvsprintfW, vsprintf, _vstprintf, vswprintf)
+#			pragma deprecated (strncpy, wcsncpy, _tcsncpy, _mbsncpy, _mbsnbcpy, StrCpyN, StrCpyNA, StrCpyNW, StrNCpy, strcpynA, StrNCpyA, StrNCpyW, lstrcpyn, lstrcpynA, lstrcpynW)
+#			pragma deprecated (strncat, wcsncat, _tcsncat, _mbsncat, _mbsnbcat, StrCatN, StrCatNA, StrCatNW, StrNCat, StrNCatA, StrNCatW, lstrncat, lstrcatnA, lstrcatnW, lstrcatn)
+#			pragma deprecated (gets, _getts, _gettws)
+#			pragma deprecated (IsBadWritePtr, IsBadHugeWritePtr, IsBadReadPtr, IsBadHugeReadPtr, IsBadCodePtr, IsBadStringPtr)
+#			pragma deprecated (memcpy, RtlCopyMemory, CopyMemory, wmemcpy)
+#			pragma deprecated (lstrlen)
+#		endif //defined(_STRSAFE_H_INCLUDED_) && !defined(STRSAFE_NO_DEPRECATE)
+
+		// SDL 6.0 Recommendations
+#		if defined(_SDL_BANNED_RECOMMENDED)
+#			if defined(_STRSAFE_H_INCLUDED_) && !defined(STRSAFE_NO_DEPRECATE)
+				// Only deprecate what's not already deprecated by StrSafe
+#				pragma deprecated (wnsprintf, wnsprintfA, wnsprintfW)
+#				pragma deprecated (vsnprintf, wvnsprintf, wvnsprintfA, wvnsprintfW)
+#				pragma deprecated (strtok, _tcstok, wcstok, _mbstok)
+#				pragma deprecated (makepath, _tmakepath,  _makepath, _wmakepath)
+#				pragma deprecated (_splitpath, _tsplitpath, _wsplitpath)
+#				pragma deprecated (scanf, wscanf, _tscanf, sscanf, swscanf, _stscanf, snscanf, snwscanf, _sntscanf)
+#				pragma deprecated (_itoa, _itow, _i64toa, _i64tow, _ui64toa, _ui64tot, _ui64tow, _ultoa, _ultot, _ultow)
+#				pragma deprecated (CharToOem, CharToOemA, CharToOemW, OemToChar, OemToCharA, OemToCharW, CharToOemBuffA, CharToOemBuffW)
+#				pragma deprecated (alloca, _alloca)
+#				pragma deprecated (ChangeWindowMessageFilter)
+#			else
+				// StrSafe not loaded, so deprecate everything!
+#				pragma deprecated (wnsprintf, wnsprintfA, wnsprintfW, _snwprintf, _snprintf, _sntprintf)
+#				pragma deprecated (_vsnprintf, vsnprintf, _vsnwprintf, _vsntprintf, wvnsprintf, wvnsprintfA, wvnsprintfW)
+#				pragma deprecated (strtok, _tcstok, wcstok, _mbstok)
+#				pragma deprecated (makepath, _tmakepath,  _makepath, _wmakepath)
+#				pragma deprecated (_splitpath, _tsplitpath, _wsplitpath)
+#				pragma deprecated (scanf, wscanf, _tscanf, sscanf, swscanf, _stscanf, snscanf, snwscanf, _sntscanf)
+#				pragma deprecated (_itoa, _itow, _i64toa, _i64tow, _ui64toa, _ui64tot, _ui64tow, _ultoa, _ultot, _ultow)
+#				pragma deprecated (CharToOem, CharToOemA, CharToOemW, OemToChar, OemToCharA, OemToCharW, CharToOemBuffA, CharToOemBuffW)
+#				pragma deprecated (alloca, _alloca)
+#				pragma deprecated (ChangeWindowMessageFilter)
+#			endif // StrSafe
+#		endif // SDL recommended
+
+# else
+
+# if defined __clang__
+#		pragma clang system_header
+# endif // __clang__
+
+		// SDL 6.0 and later Requirements
+# 		pragma GCC poison strcpy strcpyA strcpyW wcscpy _tcscpy _mbscpy StrCpy StrCpyA StrCpyW lstrcpy lstrcpyA lstrcpyW _tccpy _mbccpy _ftcscpy
+#		pragma GCC poison strcat strcatA strcatW wcscat _tcscat _mbscat StrCat StrCatA StrCatW lstrcat lstrcatA lstrcatW StrCatBuff StrCatBuffA StrCatBuffW StrCatChainW _tccat _mbccat _ftcscat
+#		pragma GCC poison sprintfW sprintfA wsprintf wsprintfW wsprintfA sprintf swprintf _stprintf
+#		pragma GCC poison wvsprintf wvsprintfA wvsprintfW vsprintf _vstprintf vswprintf
+#		pragma GCC poison strncpy wcsncpy _tcsncpy _mbsncpy _mbsnbcpy StrCpyN StrCpyNA StrCpyNW StrNCpy strcpynA StrNCpyA StrNCpyW lstrcpyn lstrcpynA lstrcpynW
+#		pragma GCC poison strncat wcsncat _tcsncat _mbsncat _mbsnbcat StrCatN StrCatNA StrCatNW StrNCat StrNCatA StrNCatW lstrncat lstrcatnA lstrcatnW lstrcatn
+#		pragma GCC poison gets _getts _gettws
+#		pragma GCC poison IsBadWritePtr IsBadHugeWritePtr IsBadReadPtr IsBadHugeReadPtr IsBadCodePtr IsBadStringPtr
+#		pragma GCC poison memcpy RtlCopyMemory CopyMemory wmemcpy
+#		pragma GCC poison lstrlen
+
+#if		defined(_SDL_BANNED_RECOMMENDED)
+			// SDL 6.0 and later Recommendations
+#			pragma GCC poison wnsprintf wnsprintfA wnsprintfW _snwprintf _snprintf _sntprintf
+#			pragma GCC poison _vsnprintf vsnprintf _vsnwprintf _vsntprintf wvnsprintf wvnsprintfA wvnsprintfW
+#			pragma GCC poison strtok _tcstok wcstok _mbstok
+#			pragma GCC poison makepath _tmakepath _makepath _wmakepath
+#			pragma GCC poison _splitpath _tsplitpath _wsplitpath
+#			pragma GCC poison scanf wscanf _tscanf sscanf swscanf _stscanf snscanf snwscanf _sntscanf
+#			pragma GCC poison _itoa _itow _i64toa _i64tow _ui64toa _ui64tot _ui64tow _ultoa _ultot _ultow
+#			pragma GCC poison CharToOem CharToOemA CharToOemW OemToChar OemToCharA OemToCharW CharToOemBuffA CharToOemBuffW
+#			pragma GCC poison alloca _alloca
+#			pragma GCC poison ChangeWindowMessageFilter
+
+#endif
+#	endif // _MSC_VER_
+
+#endif  // _INC_BANNED
+
diff --git a/libs/printf/printf.c b/libs/printf/printf.c
index 6217c26..b37ce1f 100644
--- a/libs/printf/printf.c
+++ b/libs/printf/printf.c
@@ -1007,15 +1007,6 @@ int printf_(const char *format, ...)
     return ret;
 }
 
-int sprintf_(char *buffer, const char *format, ...)
-{
-    va_list va;
-    va_start(va, format);
-    const int ret = _vsnprintf(_out_buffer, buffer, (size_t)-1, format, va);
-    va_end(va);
-    return ret;
-}
-
 int snprintf_(char *buffer, size_t count, const char *format, ...)
 {
     va_list va;
diff --git a/libs/printf/printf.h b/libs/printf/printf.h
index de72d5c..4fc0ae8 100644
--- a/libs/printf/printf.h
+++ b/libs/printf/printf.h
@@ -63,17 +63,6 @@ int printf_(const char* format, ...);
 

 

 /**

- * Tiny sprintf implementation

- * Due to security reasons (buffer overflow) YOU SHOULD CONSIDER USING (V)SNPRINTF INSTEAD!

- * \param buffer A pointer to the buffer where to store the formatted string. MUST be big enough to store the output!

- * \param format A string that specifies the format of the output

- * \return The number of characters that are WRITTEN into the buffer, not counting the terminating null character

- */

-#define sprintf sprintf_ //lint !e828

-int sprintf_(char* buffer, const char* format, ...);

-

-

-/**

  * Tiny snprintf/vsnprintf implementation

  * \param buffer A pointer to the buffer where to store the formatted string

  * \param count The maximum number of characters to store in the buffer, including a terminating null character