Remove pragma allow_unsafe_buffers from base::CommandLine.
Mark methods which should then propagate UNSAFE_BUFFER_USAGE to callees with TODO()s in header, as this will be a large clean-up. Change-Id: I661d9412f167aadb403b0f3c30207255e274aca9 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6259619 Reviewed-by: Daniel Cheng <dcheng@chromium.org> Commit-Queue: Tom Sepez <tsepez@chromium.org> Cr-Commit-Position: refs/heads/main@{#1420686}
This commit is contained in:
Tom Sepez
committed by
Chromium LUCI CQ
Chromium LUCI CQ
parent
08801f73c4
commit
8dce0f0ffe
@@ -2,11 +2,6 @@
|
|||||||
// Use of this source code is governed by a BSD-style license that can be
|
// Use of this source code is governed by a BSD-style license that can be
|
||||||
// found in the LICENSE file.
|
// found in the LICENSE file.
|
||||||
|
|
||||||
#ifdef UNSAFE_BUFFERS_BUILD
|
|
||||||
// TODO(crbug.com/40284755): Remove this and spanify to fix the errors.
|
|
||||||
#pragma allow_unsafe_buffers
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#include "base/command_line.h"
|
#include "base/command_line.h"
|
||||||
|
|
||||||
#include <algorithm>
|
#include <algorithm>
|
||||||
@@ -15,6 +10,7 @@
|
|||||||
#include <string_view>
|
#include <string_view>
|
||||||
|
|
||||||
#include "base/check_op.h"
|
#include "base/check_op.h"
|
||||||
|
#include "base/compiler_specific.h"
|
||||||
#include "base/containers/contains.h"
|
#include "base/containers/contains.h"
|
||||||
#include "base/containers/span.h"
|
#include "base/containers/span.h"
|
||||||
#include "base/debug/debugging_buildflags.h"
|
#include "base/debug/debugging_buildflags.h"
|
||||||
@@ -197,7 +193,8 @@ CommandLine::CommandLine(const FilePath& program) : argv_(1), begin_args_(1) {
|
|||||||
|
|
||||||
CommandLine::CommandLine(int argc, const CommandLine::CharType* const* argv)
|
CommandLine::CommandLine(int argc, const CommandLine::CharType* const* argv)
|
||||||
: argv_(1), begin_args_(1) {
|
: argv_(1), begin_args_(1) {
|
||||||
InitFromArgv(argc, argv);
|
// SAFETY: required from caller.
|
||||||
|
UNSAFE_BUFFERS(InitFromArgv(argc, argv));
|
||||||
}
|
}
|
||||||
|
|
||||||
CommandLine::CommandLine(const StringVector& argv) : argv_(1), begin_args_(1) {
|
CommandLine::CommandLine(const StringVector& argv) : argv_(1), begin_args_(1) {
|
||||||
@@ -254,7 +251,8 @@ void CommandLine::InitUsingArgvForTesting(int argc, const char* const* argv) {
|
|||||||
// On Windows we need to convert the command line arguments to std::wstring.
|
// On Windows we need to convert the command line arguments to std::wstring.
|
||||||
CommandLine::StringVector argv_vector;
|
CommandLine::StringVector argv_vector;
|
||||||
for (int i = 0; i < argc; ++i) {
|
for (int i = 0; i < argc; ++i) {
|
||||||
argv_vector.push_back(UTF8ToWide(argv[i]));
|
// SAFETY: required from caller.
|
||||||
|
argv_vector.push_back(UTF8ToWide(UNSAFE_BUFFERS(argv[i])));
|
||||||
}
|
}
|
||||||
current_process_commandline_->InitFromArgv(argv_vector);
|
current_process_commandline_->InitFromArgv(argv_vector);
|
||||||
}
|
}
|
||||||
@@ -273,7 +271,8 @@ bool CommandLine::Init(int argc, const char* const* argv) {
|
|||||||
#if BUILDFLAG(IS_WIN)
|
#if BUILDFLAG(IS_WIN)
|
||||||
current_process_commandline_->ParseFromString(::GetCommandLineW());
|
current_process_commandline_->ParseFromString(::GetCommandLineW());
|
||||||
#elif BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
|
#elif BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
|
||||||
current_process_commandline_->InitFromArgv(argc, argv);
|
// SAFETY: required from caller.
|
||||||
|
UNSAFE_BUFFERS(current_process_commandline_->InitFromArgv(argc, argv));
|
||||||
#else
|
#else
|
||||||
#error Unsupported platform
|
#error Unsupported platform
|
||||||
#endif
|
#endif
|
||||||
@@ -319,7 +318,8 @@ void CommandLine::InitFromArgv(int argc,
|
|||||||
const CommandLine::CharType* const* argv) {
|
const CommandLine::CharType* const* argv) {
|
||||||
StringVector new_argv;
|
StringVector new_argv;
|
||||||
for (int i = 0; i < argc; ++i) {
|
for (int i = 0; i < argc; ++i) {
|
||||||
new_argv.push_back(argv[i]);
|
// SAFETY: required from caller.
|
||||||
|
new_argv.push_back(UNSAFE_BUFFERS(argv[i]));
|
||||||
}
|
}
|
||||||
InitFromArgv(new_argv);
|
InitFromArgv(new_argv);
|
||||||
}
|
}
|
||||||
@@ -612,7 +612,7 @@ void CommandLine::ParseFromString(StringViewType command_line) {
|
|||||||
|
|
||||||
DPLOG_IF(FATAL, !args) << "CommandLineToArgvW failed on command line: "
|
DPLOG_IF(FATAL, !args) << "CommandLineToArgvW failed on command line: "
|
||||||
<< command_line;
|
<< command_line;
|
||||||
StringVector argv(args, args + num_args);
|
StringVector argv(args, UNSAFE_TODO(args + num_args));
|
||||||
InitFromArgv(argv);
|
InitFromArgv(argv);
|
||||||
raw_command_line_string_ = StringViewType();
|
raw_command_line_string_ = StringViewType();
|
||||||
LocalFree(args);
|
LocalFree(args);
|
||||||
|
|||||||
@@ -71,6 +71,7 @@ class BASE_EXPORT CommandLine {
|
|||||||
explicit CommandLine(const FilePath& program);
|
explicit CommandLine(const FilePath& program);
|
||||||
|
|
||||||
// Construct a new command line from an argument list.
|
// Construct a new command line from an argument list.
|
||||||
|
// TODO(tsepez): two-arg form should be UNSAFE_BUFFER_USAGE.
|
||||||
CommandLine(int argc, const CharType* const* argv);
|
CommandLine(int argc, const CharType* const* argv);
|
||||||
explicit CommandLine(const StringVector& argv);
|
explicit CommandLine(const StringVector& argv);
|
||||||
|
|
||||||
@@ -101,6 +102,7 @@ class BASE_EXPORT CommandLine {
|
|||||||
// CommandLineToArgvW to parse the command line and convert it back to
|
// CommandLineToArgvW to parse the command line and convert it back to
|
||||||
// argc and argv. Tests who don't want this dependency on shell32 and need
|
// argc and argv. Tests who don't want this dependency on shell32 and need
|
||||||
// to honor the arguments passed in should use this function.
|
// to honor the arguments passed in should use this function.
|
||||||
|
// TODO(tsepez): should be UNSAFE_BUFFER_USAGE.
|
||||||
static void InitUsingArgvForTesting(int argc, const char* const* argv);
|
static void InitUsingArgvForTesting(int argc, const char* const* argv);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@@ -109,7 +111,8 @@ class BASE_EXPORT CommandLine {
|
|||||||
// don't trust the CRT's parsing of the command line, but it still must be
|
// don't trust the CRT's parsing of the command line, but it still must be
|
||||||
// called to set up the command line. Returns false if initialization has
|
// called to set up the command line. Returns false if initialization has
|
||||||
// already occurred, and true otherwise. Only the caller receiving a 'true'
|
// already occurred, and true otherwise. Only the caller receiving a 'true'
|
||||||
// return value should take responsibility for calling Reset.
|
// return value should take responsibility for calling Reset().
|
||||||
|
// TODO(tsepez): should be UNSAFE_BUFFER_USAGE.
|
||||||
static bool Init(int argc, const char* const* argv);
|
static bool Init(int argc, const char* const* argv);
|
||||||
|
|
||||||
// Destroys the current process CommandLine singleton. This is necessary if
|
// Destroys the current process CommandLine singleton. This is necessary if
|
||||||
@@ -128,6 +131,7 @@ class BASE_EXPORT CommandLine {
|
|||||||
static bool InitializedForCurrentProcess();
|
static bool InitializedForCurrentProcess();
|
||||||
|
|
||||||
// Initialize from an argv vector.
|
// Initialize from an argv vector.
|
||||||
|
// TODO(tsepez): two-arg form should be UNSAFE_BUFFER_USAGE.
|
||||||
void InitFromArgv(int argc, const CharType* const* argv);
|
void InitFromArgv(int argc, const CharType* const* argv);
|
||||||
void InitFromArgv(const StringVector& argv);
|
void InitFromArgv(const StringVector& argv);
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user