Latest commit fb90b9f Dec 3, 2013
README.md manual patch add from akesterson Dec 4, 2013
poison.h Fix tabs Nov 30, 2013



gcc-poison is a simple header file for developers to ban unsafe C/C++ functions from applications. It uses the #pragma GCC poison directive to define a number of identifiers (function names) as unsafe. Compilation will fail if these are present in your code.

Please see http://blog.leafsr.com/2013/12/gcc-poison.html for more information


Example usage

#include <stdio.h>
#include <string.h>
#include "gcc-poison.h"

int main(int argc, char *argv[]) {
   char buf[10];
   /* strcpy is poisoned, so this line stops the build */
   strcpy(buf, argv[1]);
   return 0;
}

$ gcc -o 2 2.c
1.c: In function ‘main’:
1.c:8:2: error: attempt to use poisoned "strcpy"

Excluding specific functions from poisoning

As pointed out in the GCC documentation (http://gcc.gnu.org/onlinedocs/cpp/Pragmas.html), "If a poisoned identifier appears as part of the expansion of a macro which was defined before the identifier was poisoned, it will not cause an error. This lets you poison an identifier without worrying about system headers defining macros that use it."

Here is an example of how to use gcc-poison.h but continue to allow the usage of the 'strcat' function, via a macro:

#include <string.h>

/* Must be defined BEFORE gcc-poison.h is included */
#define _unsafe_strcat strcat
#include "gcc-poison.h"

int main(void) {
    char x[512] = "";
    /* this will raise an error */
    strcat(x, "lol");
    /* ... while this will NOT raise an error */
    _unsafe_strcat(x, "lol");
    return 0;
}

Note that you must define any such macros BEFORE you include gcc-poison.h. This can be a handy way to allow developers to continue to use certain functions for which libc has no safe alternative, while forcing them to acknowledge that they are doing so unsafely.
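The escape-hatch pattern above can be narrowed further by confining the macro to a single audited wrapper. This is an added example, not code from gcc-poison: `checked_append` is a hypothetical helper, and the short `#pragma GCC poison` line is a constructed stand-in for including gcc-poison.h so that the file builds on its own.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Escape hatch from the README: defined BEFORE the identifiers are poisoned. */
#define _unsafe_strcat strcat

/* Constructed stand-in for #include "gcc-poison.h" (a much shorter ban list). */
#pragma GCC poison strcpy strcat sprintf gets

/*
 * Hypothetical helper: the one audited place that reaches strcat.
 * Returns 0 on success, -1 if dst has no NUL within dstsz or if the
 * result would not fit. dst is left unchanged on failure.
 */
int checked_append(char *dst, size_t dstsz, const char *src)
{
    const char *end;
    size_t used, need;

    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    end = memchr(dst, '\0', dstsz);      /* reject unterminated buffers */
    if (end == NULL)
        return -1;
    used = (size_t)(end - dst);
    need = strlen(src);
    if (need >= dstsz - used)            /* no room for src plus the NUL */
        return -1;
    _unsafe_strcat(dst, src);            /* expands to strcat, no poison error */
    return 0;
}

int main(void)
{
    char x[8] = "";
    printf("%d\n", checked_append(x, sizeof x, "lol"));
    printf("%d\n", checked_append(x, sizeof x, "lolol"));
    printf("%s\n", x);
    /* A direct call such as strcat(x, "lol"); placed here would fail the build. */
    return 0;
}
```

System headers are included before the poison line because a poisoned name appearing in a header processed afterwards would also trigger the error.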