From 1fbfdf556f2abc708183caca53ae4e2881b46ae2 Mon Sep 17 00:00:00 2001
From: Jeff King
Date: Tue, 1 Dec 2020 13:11:37 -0800
Subject: [PATCH 1/2] banned.h: mark non-reentrant gmtime, etc as banned

The traditional gmtime(), localtime(), ctime(), and asctime() functions return pointers to shared storage. This means they're not thread-safe, and they also run the risk of somebody holding onto the result across multiple calls (where each call invalidates the previous result). All callers should be using their reentrant counterparts.

Signed-off-by: Jeff King
Reviewed-by: Taylor Blau
Signed-off-by: Junio C Hamano
---
 banned.h | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/banned.h b/banned.h
index 60a18d4403..ed11300bb2 100644
--- a/banned.h
+++ b/banned.h
@@ -29,4 +29,13 @@
 #define vsprintf(buf,fmt,arg) BANNED(vsprintf)
 #endif
 
+#undef gmtime
+#define gmtime(t) BANNED(gmtime)
+#undef localtime
+#define localtime(t) BANNED(localtime)
+#undef ctime
+#define ctime(t) BANNED(ctime)
+#undef asctime
+#define asctime(t) BANNED(asctime)
+
 #endif /* BANNED_H */
From 91aef030152d121f6b4bc3b933c696073ba073e2 Mon Sep 17 00:00:00 2001
From: Jeff King
Date: Tue, 1 Dec 2020 13:11:38 -0800
Subject: [PATCH 2/2] banned.h: mark ctime_r() and asctime_r() as banned

The ctime_r() and asctime_r() functions are reentrant, but have no check that the buffer we pass in is long enough (the manpage says it "should have room for at least 26 bytes"). Since this is such an easy-to-get-wrong interface, and since we have the much safer strftime() as well as its more convenient strbuf_addftime() wrapper, let's ban both of those.

Signed-off-by: Jeff King
Reviewed-by: Taylor Blau
Signed-off-by: Junio C Hamano
---
 banned.h | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/banned.h b/banned.h
index ed11300bb2..7ab4f2e492 100644
--- a/banned.h
+++ b/banned.h
@@ -35,7 +35,11 @@
 #define localtime(t) BANNED(localtime)
 #undef ctime
 #define ctime(t) BANNED(ctime)
+#undef ctime_r
+#define ctime_r(t, buf) BANNED(ctime_r)
 #undef asctime
 #define asctime(t) BANNED(asctime)
+#undef asctime_r
+#define asctime_r(t, buf) BANNED(asctime_r)
 
 #endif /* BANNED_H */
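Review bot: The new `ctime_r`/`asctime_r` entries have no comment, and interleaved with the non-reentrant `ctime`/`asctime` bans they read as if they were banned for the same thread-safety reason. Per the commit message the actual reason is that neither takes a buffer length, so nothing stops a caller passing fewer than the 26 bytes the manpage asks for; the first patch's message even steers callers to the reentrant counterparts, which for these two are exactly what is banned here. I would add above them `/* no buffer-size argument (needs >= 26 bytes); use strftime() or strbuf_addftime() instead */`, so whoever trips the BANNED() expansion learns the replacement without reading history.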