chromium/src
0
Fork 0
Code

Suppress still another batch of -Wunsafe-buffers-in-libc-calls warnings.

Browse Source 
These are mainly win-specific files this time around.

Bug: 390223051
Change-Id: I07b378500b76896ddb28cf52d4ad2d2d77d0b7f4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6369920
Reviewed-by: Alex Gough <ajgo@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Owners-Override: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1436413}
This commit is contained in:
Tom Sepez 2025-03-21 20:43:59 -07:00 committed by Chromium LUCI CQ
parent acb6419973
commit 978847c229
67 changed files with 214 additions and 115 deletions
base
debug
stack_trace_win.cc
files
file_enumerator_win.ccfile_util_win.cc
i18n
icu_util.cc
message_loop
message_pump_win.cc
process
process_iterator_win.cc
sync_socket_win.cc
test
file_path_reparse_point_win.cctest_file_util_win.cc
win
hstring_reference.ccpatch_util.ccsecurity_descriptor.ccwinrt_storage_util.cc
chrome
browser
media/router/discovery/test_support/win
fake_ip_adapter_addresses.cc
os_crypt
app_bound_encryption_win.cc
chrome_elf
chrome_elf_main.cc
common/win
delay_load_failure_hook.cc
credential_provider
gaiacp
os_gaia_user_manager.ccscoped_lsa_policy.cc
setup
setup.cc
elevation_service
elevator.ccservice_main_unittest.cc
install_static
install_details.cc
installer
setup
installer_state_unittest.ccsetup_util_unittest.cc
util
install_service_work_item_unittest.cc
test/chromedriver
keycode_text_conversion_win.cc
updater/util
win_util.cc
components
crash/core/app
fallback_crash_handler_win_unittest.cc
named_mojo_ipc_server
named_mojo_server_endpoint_connector_win.cc
winhttp
scoped_winttp_proxy_info.h
device
base
device_info_query_win.ccdevice_monitor_win.cc
bluetooth
bluetooth_socket_win.cc
media
cdm/win
media_foundation_cdm_util.cc
gpu/windows
d3d12_video_processor_wrapper.cc
mojo
core/test
test_utils_win.cc
public/cpp/platform
platform_channel_server_win.cc
net
base
network_change_notifier_win.cc
dns
dns_config_service_win.cc
public
win_dns_system_settings.cc
remoting/host
desktop_display_info_loader_win.ccinput_injector_win.cctouch_injector_win.cc
rlz/win/lib
rlz_lib_win.cc
sandbox/win
src
lpc_policy_test.ccpolicy_opcodes_unittest.ccpolicy_target_test.ccprocess_mitigations_extensionpoints_unittest.ccprocess_policy_test.ccservice_resolver_64.ccservice_resolver_unittest.cc
tests/common
test_utils.cc
services/device/usb
usb_device_handle_win.cc
skia/ext
raster_handle_allocator_win.cc
ui
base/ime/win
on_screen_keyboard_display_manager_tab_tip.cc
display/win
color_profile_reader.ccdisplay_config_helper.ccdisplay_info.ccscreen_win.cc
events
event_utils.h
win
stylus_handwriting_properties_win.cc
gfx
gdi_util.ccsystem_fonts_win.ccsystem_fonts_win_unittest.cc
win
physical_size.ccwindow_impl.cc

7
base/debug/stack_trace_win.cc

@ -14,6 +14,7 @@
#include <iterator>
#include <memory>
#include "base/compiler_specific.h"
#include "base/files/file_path.h"
#include "base/logging.h"
#include "base/memory/singleton.h"
@ -266,7 +267,7 @@ class SymbolContext {
ULONG64 buffer[(sizeof(SYMBOL_INFO) + kMaxNameLength * sizeof(wchar_t) +
sizeof(ULONG64) - 1) /
sizeof(ULONG64)];
memset(buffer, 0, sizeof(buffer));
UNSAFE_TODO(memset(buffer, 0, sizeof(buffer)));
// Initialize symbol information retrieval structures.
DWORD64 sym_displacement = 0;
@ -346,14 +347,14 @@ void StackTrace::InitTrace(const CONTEXT* context_record) {
// context may have had more register state (YMM, etc) than we need to unwind
// the stack. Typically StackWalk64 only needs integer and control registers.
CONTEXT context_copy;
memcpy(&context_copy, context_record, sizeof(context_copy));
UNSAFE_TODO(memcpy(&context_copy, context_record, sizeof(context_copy)));
context_copy.ContextFlags = CONTEXT_INTEGER | CONTEXT_CONTROL;
// When walking an exception stack, we need to use StackWalk64().
count_ = 0;
// Initialize stack walking.
STACKFRAME64 stack_frame;
memset(&stack_frame, 0, sizeof(stack_frame));
UNSAFE_TODO(memset(&stack_frame, 0, sizeof(stack_frame)));
#if defined(ARCH_CPU_X86_64)
DWORD machine_type = IMAGE_FILE_MACHINE_AMD64;
stack_frame.AddrPC.Offset = context_record->Rip;

7
base/files/file_enumerator_win.cc

@ -9,6 +9,7 @@
#include "base/check.h"
#include "base/check_op.h"
#include "base/compiler_specific.h"
#include "base/notreached.h"
#include "base/strings/string_util.h"
#include "base/threading/scoped_blocking_call.h"
@ -37,7 +38,7 @@ FilePath BuildSearchFilter(FileEnumerator::FolderSearchPolicy policy,
// FileEnumerator::FileInfo ----------------------------------------------------
FileEnumerator::FileInfo::FileInfo() {
memset(&find_data_, 0, sizeof(find_data_));
UNSAFE_TODO(memset(&find_data_, 0, sizeof(find_data_)));
}
bool FileEnumerator::FileInfo::IsDirectory() const {
@ -115,7 +116,7 @@ FileEnumerator::FileEnumerator(const FilePath& root_path,
file_type_ |= (FileType::FILES | FileType::DIRECTORIES);
}
memset(&find_data_, 0, sizeof(find_data_));
UNSAFE_TODO(memset(&find_data_, 0, sizeof(find_data_)));
pending_paths_.push(root_path);
}
@ -129,7 +130,7 @@ FileEnumerator::FileInfo FileEnumerator::GetInfo() const {
DCHECK(!(file_type_ & FileType::NAMES_ONLY));
CHECK(has_find_data_);
FileInfo ret;
memcpy(&ret.find_data_, &find_data_, sizeof(find_data_));
UNSAFE_TODO(memcpy(&ret.find_data_, &find_data_, sizeof(find_data_)));
return ret;
}

9
base/files/file_util_win.cc

@ -25,6 +25,7 @@
#include "base/check.h"
#include "base/clang_profiling_buildflags.h"
#include "base/compiler_specific.h"
#include "base/feature_list.h"
#include "base/features.h"
#include "base/files/file_enumerator.h"
@ -868,7 +869,7 @@ bool DevicePathToDriveLetterPath(const FilePath& nt_device_path,
device_path.IsParent(nt_device_path)) {
*out_drive_letter_path =
FilePath(drive + nt_device_path.value().substr(
wcslen(device_path_as_string)));
UNSAFE_TODO(wcslen(device_path_as_string))));
return true;
}
}
@ -948,9 +949,9 @@ bool GetFileInfo(const FilePath& file_path, File::Info* results) {
FILE* OpenFile(const FilePath& filename, const char* mode) {
// 'N' is unconditionally added below, so be sure there is not one already
// present before a comma in |mode|.
DCHECK(
strchr(mode, 'N') == nullptr ||
(strchr(mode, ',') != nullptr && strchr(mode, 'N') > strchr(mode, ',')));
DCHECK(UNSAFE_TODO(strchr(mode, 'N')) == nullptr ||
(UNSAFE_TODO(strchr(mode, ',')) != nullptr &&
UNSAFE_TODO(strchr(mode, 'N')) > UNSAFE_TODO(strchr(mode, ','))));
ScopedBlockingCall scoped_blocking_call(FROM_HERE, BlockingType::MAY_BLOCK);
std::wstring w_mode = UTF8ToWide(mode);
AppendModeCharacter(L'N', &w_mode);

9
base/i18n/icu_util.cc

@ -15,6 +15,7 @@
#include <memory>
#include <string>
#include "base/compiler_specific.h"
#include "base/debug/alias.h"
#include "base/environment.h"
#include "base/files/file_path.h"
@ -151,7 +152,7 @@ void LazyInitIcuDataFile() {
#if BUILDFLAG(IS_WIN)
// TODO(brucedawson): http://crbug.com/445616
wchar_t tmp_buffer[_MAX_PATH] = {};
wcscpy_s(tmp_buffer, data_path.value().c_str());
UNSAFE_TODO(wcscpy_s(tmp_buffer, data_path.value().c_str()));
debug::Alias(tmp_buffer);
#endif
data_path = data_path.AppendASCII(kIcuDataFileName);
@ -159,7 +160,7 @@ void LazyInitIcuDataFile() {
#if BUILDFLAG(IS_WIN)
// TODO(brucedawson): http://crbug.com/445616
wchar_t tmp_buffer2[_MAX_PATH] = {};
wcscpy_s(tmp_buffer2, data_path.value().c_str());
UNSAFE_TODO(wcscpy_s(tmp_buffer2, data_path.value().c_str()));
debug::Alias(tmp_buffer2);
#endif
@ -194,7 +195,7 @@ void LazyInitIcuDataFile() {
// TODO(brucedawson): http://crbug.com/445616.
g_debug_icu_pf_last_error = ::GetLastError();
g_debug_icu_pf_error_details = file.error_details();
wcscpy_s(g_debug_icu_pf_filename, data_path.value().c_str());
UNSAFE_TODO(wcscpy_s(g_debug_icu_pf_filename, data_path.value().c_str()));
}
#endif // BUILDFLAG(IS_WIN)
}
@ -287,7 +288,7 @@ bool InitializeICUFromDataFile() {
int debug_icu_pf_error_details = g_debug_icu_pf_error_details;
debug::Alias(&debug_icu_pf_error_details);
wchar_t debug_icu_pf_filename[_MAX_PATH] = {};
wcscpy_s(debug_icu_pf_filename, g_debug_icu_pf_filename);
UNSAFE_TODO(wcscpy_s(debug_icu_pf_filename, g_debug_icu_pf_filename));
debug::Alias(&debug_icu_pf_filename);
#endif // BUILDFLAG(IS_WIN)
// Excluding Chrome OS from this CHECK due to b/289684640.

3
base/message_loop/message_pump_win.cc

@ -14,6 +14,7 @@
#include "base/auto_reset.h"
#include "base/check.h"
#include "base/compiler_specific.h"
#include "base/debug/alias.h"
#include "base/debug/crash_logging.h"
#include "base/debug/dump_without_crashing.h"
@ -721,7 +722,7 @@ bool MessagePumpForUI::ProcessPumpReplacementMessage() {
MessagePumpForIO::IOContext::IOContext() {
std::construct_at(GetOverlapped());
std::memset(GetOverlapped(), 0, sizeof(OVERLAPPED));
UNSAFE_TODO(std::memset(GetOverlapped(), 0, sizeof(OVERLAPPED)));
}
MessagePumpForIO::IOContext::~IOContext() {

5
base/process/process_iterator_win.cc

@ -4,6 +4,7 @@
#include "base/process/process_iterator.h"
#include "base/compiler_specific.h"
#include "base/strings/string_util.h"
namespace base {
@ -28,13 +29,13 @@ bool ProcessIterator::CheckForNextProcess() {
}
void ProcessIterator::InitProcessEntry(ProcessEntry* entry) {
memset(entry, 0, sizeof(*entry));
UNSAFE_TODO(memset(entry, 0, sizeof(*entry)));
entry->dwSize = sizeof(*entry);
}
bool NamedProcessIterator::IncludeEntry() {
// Case insensitive.
return !_wcsicmp(executable_name_.c_str(), entry().exe_file()) &&
return UNSAFE_TODO(!_wcsicmp(executable_name_.c_str(), entry().exe_file())) &&
ProcessIterator::IncludeEntry();
}

6
base/sync_socket_win.cc

@ -10,6 +10,7 @@
#include <utility>
#include "base/check.h"
#include "base/compiler_specific.h"
#include "base/containers/span.h"
#include "base/logging.h"
#include "base/notimplemented.h"
@ -54,8 +55,9 @@ bool CreatePairImpl(ScopedHandle* socket_a,
unsigned long rnd_name;
RandBytes(byte_span_from_ref(rnd_name));
swprintf(name, kPipePathMax, kPipeNameFormat, GetCurrentProcessId(),
GetCurrentThreadId(), rnd_name);
UNSAFE_TODO(swprintf(name, kPipePathMax, kPipeNameFormat,
GetCurrentProcessId(), GetCurrentThreadId(),
rnd_name));
handle_a.Set(CreateNamedPipeW(
name, flags, PIPE_TYPE_BYTE | PIPE_READMODE_BYTE, 1, kOutBufferSize,

5
base/test/file_path_reparse_point_win.cc

@ -2,6 +2,11 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifdef UNSAFE_BUFFERS_BUILD
// TODO(crbug.com/390223051): Remove C-library calls to fix the errors.
#pragma allow_unsafe_libc_calls
#endif
#include "base/test/file_path_reparse_point_win.h"
#include <windows.h>

3
base/test/test_file_util_win.cc

@ -15,6 +15,7 @@
#include "base/check.h"
#include "base/check_op.h"
#include "base/compiler_specific.h"
#include "base/containers/heap_array.h"
#include "base/containers/span.h"
#include "base/files/file_path.h"
@ -55,7 +56,7 @@ void* GetPermissionInfo(const FilePath& path, size_t* length) {
*length = sizeof(PSECURITY_DESCRIPTOR) + dacl->AclSize;
PermissionInfo* info = reinterpret_cast<PermissionInfo*>(new char[*length]);
info->security_descriptor = security_descriptor;
memcpy(&info->dacl, dacl, dacl->AclSize);
UNSAFE_TODO(memcpy(&info->dacl, dacl, dacl->AclSize));
return info;
}

3
base/win/hstring_reference.cc

@ -10,6 +10,7 @@
#include <winstring.h>
#include "base/check_op.h"
#include "base/compiler_specific.h"
#include "base/numerics/safe_conversions.h"
namespace base::win {
@ -17,7 +18,7 @@ namespace base::win {
HStringReference::HStringReference(const wchar_t* str) {
// String must be null terminated for WindowsCreateStringReference.
// nullptr str is OK so long as the length is 0.
size_t length = str ? wcslen(str) : 0;
size_t length = str ? UNSAFE_TODO(wcslen(str)) : 0;
const HRESULT hr = ::WindowsCreateStringReference(
str, checked_cast<UINT32>(length), &hstring_header_, &hstring_);
DCHECK_EQ(hr, S_OK);

3
base/win/patch_util.cc

@ -4,6 +4,7 @@
#include "base/win/patch_util.h"
#include "base/compiler_specific.h"
#include "base/notreached.h"
namespace base {
@ -33,7 +34,7 @@ DWORD ModifyCode(void* destination, const void* source, size_t length) {
is_executable ? PAGE_EXECUTE_READWRITE : PAGE_READWRITE,
&old_page_protection)) {
// Write the data.
CopyMemory(destination, source, length);
UNSAFE_TODO(CopyMemory(destination, source, length));
// Restore the old page protection.
error = ERROR_SUCCESS;

3
base/win/security_descriptor.cc

@ -14,6 +14,7 @@
#include <utility>
#include <vector>
#include "base/compiler_specific.h"
#include "base/files/file_path.h"
#include "base/logging.h"
#include "base/notreached.h"
@ -315,7 +316,7 @@ std::optional<std::wstring> SecurityDescriptor::ToSddl(
}
void SecurityDescriptor::ToAbsolute(SECURITY_DESCRIPTOR& sd) {
memset(&sd, 0, sizeof(sd));
UNSAFE_TODO(memset(&sd, 0, sizeof(sd)));
sd.Revision = SECURITY_DESCRIPTOR_REVISION;
sd.Owner = owner_ ? owner_->GetPSID() : nullptr;
sd.Group = group_ ? group_->GetPSID() : nullptr;

3
base/win/winrt_storage_util.cc

@ -10,6 +10,7 @@
#include <utility>
#include "base/compiler_specific.h"
#include "base/strings/string_util.h"
#include "base/win/core_winrt_util.h"
#include "base/win/scoped_hstring.h"
@ -69,7 +70,7 @@ HRESULT CreateIBufferFromData(const uint8_t* data,
return hr;
}
memcpy(p_buffer_data, data, length);
UNSAFE_TODO(memcpy(p_buffer_data, data, length));
*buffer = std::move(internal_buffer);

5
chrome/browser/media/router/discovery/test_support/win/fake_ip_adapter_addresses.cc

@ -5,6 +5,7 @@
#include "chrome/browser/media/router/discovery/test_support/win/fake_ip_adapter_addresses.h"
#include "base/check_op.h"
#include "base/compiler_specific.h"
namespace media_router {
@ -25,8 +26,8 @@ FakeIpAdapterAddresses::FakeIpAdapterAddresses(
static_cast<size_t>(MAX_ADAPTER_ADDRESS_LENGTH));
value_.PhysicalAddressLength = physical_address.size();
memcpy(value_.PhysicalAddress, physical_address.data(),
physical_address.size());
UNSAFE_TODO(memcpy(value_.PhysicalAddress, physical_address.data(),
physical_address.size()));
}
FakeIpAdapterAddresses::FakeIpAdapterAddresses(

9
chrome/browser/os_crypt/app_bound_encryption_win.cc

@ -12,6 +12,7 @@
#include <wrl/client.h>
#include "base/check_op.h"
#include "base/compiler_specific.h"
#include "base/feature_list.h"
#include "base/files/file_path.h"
#include "base/logging.h"
@ -166,8 +167,8 @@ HRESULT EncryptAppBoundString(ProtectionLevel protection_level,
return hr;
base::win::ScopedBstr plaintext_data;
::memcpy(plaintext_data.AllocateBytes(plaintext.length()), plaintext.data(),
plaintext.length());
UNSAFE_TODO(::memcpy(plaintext_data.AllocateBytes(plaintext.length()),
plaintext.data(), plaintext.length()));
base::win::ScopedBstr encrypted_data;
if (flags) {
@ -211,8 +212,8 @@ HRESULT DecryptAppBoundString(const std::string& ciphertext,
return hr;
base::win::ScopedBstr ciphertext_data;
::memcpy(ciphertext_data.AllocateBytes(ciphertext.length()),
ciphertext.data(), ciphertext.length());
UNSAFE_TODO(::memcpy(ciphertext_data.AllocateBytes(ciphertext.length()),
ciphertext.data(), ciphertext.length()));
base::win::ScopedBstr plaintext_data;
hr = elevator->DecryptData(ciphertext_data.Get(), plaintext_data.Receive(),

5
chrome/chrome_elf/chrome_elf_main.cc

@ -2,6 +2,11 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifdef UNSAFE_BUFFERS_BUILD
// TODO(crbug.com/390223051): Remove C-library calls to fix the errors.
#pragma allow_unsafe_libc_calls
#endif
#include "chrome/chrome_elf/chrome_elf_main.h"
#include <windows.h>

3
chrome/common/win/delay_load_failure_hook.cc

@ -8,6 +8,7 @@
#include <delayimp.h>
#include "base/check.h"
#include "base/compiler_specific.h"
#include "base/debug/alias.h"
#include "base/strings/string_util.h"
#include "chrome/common/win/delay_load_failure_support.h"
@ -21,7 +22,7 @@ namespace {
// this won't generate a crash report.
FARPROC WINAPI DelayLoadFailureHook(unsigned reason, DelayLoadInfo* dll_info) {
char dll_name[MAX_PATH];
base::strlcpy(dll_name, dll_info->szDll, std::size(dll_name));
UNSAFE_TODO(base::strlcpy(dll_name, dll_info->szDll, std::size(dll_name)));
// It's not an error if "bthprops.cpl" fails to be loaded, there's a custom
// exception handler in 'device/bluetooth/bluetooth_init_win.cc" that will
// intercept the exception triggered by the delay load runtime. Returning 0

5
chrome/credential_provider/gaiacp/os_gaia_user_manager.cc

@ -11,6 +11,7 @@
#include <ntstatus.h>
#include <sddl.h>
#include "base/compiler_specific.h"
#include "base/win/ntsecapi_shim.h"
#include "chrome/credential_provider/common/gcp_strings.h"
#include "chrome/credential_provider/gaiacp/gaia_resources.h"
@ -52,7 +53,7 @@ HRESULT GetCurrentGaiaSid(const int& size, wchar_t* current_sid) {
return hr;
}
errno_t err = wcscpy_s(current_sid, size, sid.c_str());
errno_t err = UNSAFE_TODO(wcscpy_s(current_sid, size, sid.c_str()));
return err == 0 ? S_OK : E_FAIL;
}
@ -106,7 +107,7 @@ HRESULT IsGaiaUserSidDifferent(bool* is_sid_different) {
return hr;
}
if (wcscmp(stored_sid, current_sid) != 0) {
if (UNSAFE_TODO(wcscmp(stored_sid, current_sid)) != 0) {
*is_sid_different = true;
}
return hr;

9
chrome/credential_provider/gaiacp/scoped_lsa_policy.cc

@ -9,6 +9,7 @@
#include <lm.h>
#include <ntstatus.h>
#include "base/compiler_specific.h"
#include "base/win/ntsecapi_shim.h"
#include "chrome/credential_provider/gaiacp/gcp_utils.h"
#include "chrome/credential_provider/gaiacp/logging.h"
@ -37,7 +38,7 @@ std::unique_ptr<ScopedLsaPolicy> ScopedLsaPolicy::Create(ACCESS_MASK mask) {
ScopedLsaPolicy::ScopedLsaPolicy(ACCESS_MASK mask) {
LSA_OBJECT_ATTRIBUTES oa;
memset(&oa, 0, sizeof(oa));
UNSAFE_TODO(memset(&oa, 0, sizeof(oa)));
NTSTATUS sts = ::LsaOpenPolicy(nullptr, &oa, mask, &handle_);
if (sts != STATUS_SUCCESS) {
HRESULT hr = HRESULT_FROM_NT(sts);
@ -100,7 +101,7 @@ HRESULT ScopedLsaPolicy::RetrievePrivateData(const wchar_t* key,
if (sts != STATUS_SUCCESS)
return HRESULT_FROM_NT(sts);
errno_t err = wcscpy_s(value, length, lsa_value->Buffer);
errno_t err = UNSAFE_TODO(wcscpy_s(value, length, lsa_value->Buffer));
SecurelyClearBuffer(lsa_value->Buffer, lsa_value->Length);
::LsaFreeMemory(lsa_value);
@ -189,8 +190,8 @@ HRESULT ScopedLsaPolicy::RemoveAccount(PSID sid) {
void ScopedLsaPolicy::InitLsaString(const wchar_t* string,
_UNICODE_STRING* lsa_string) {
lsa_string->Buffer = const_cast<wchar_t*>(string);
lsa_string->Length =
static_cast<USHORT>(wcslen(lsa_string->Buffer) * sizeof(wchar_t));
lsa_string->Length = static_cast<USHORT>(
UNSAFE_TODO(wcslen(lsa_string->Buffer)) * sizeof(wchar_t));
lsa_string->MaximumLength = lsa_string->Length + sizeof(wchar_t);
}

6
chrome/credential_provider/setup/setup.cc

@ -6,6 +6,7 @@
// that the app can be made entireless silent, as required by omaha.
#include <Windows.h>
#include <shlobj.h> // Needed for IsUserAnAdmin()
#include <stdlib.h>
@ -14,6 +15,7 @@
#include "base/at_exit.h"
#include "base/command_line.h"
#include "base/compiler_specific.h"
#include "base/files/file_path.h"
#include "base/files/file_util.h"
#include "base/logging.h"
@ -146,7 +148,7 @@ int APIENTRY wWinMain(HINSTANCE hInstance,
time_string, std::size(time_string)) == 0) {
HRESULT last_error_hr = HRESULT_FROM_WIN32(::GetLastError());
LOGFN(ERROR) << "GetTimeFormatEx(start) hr=" << putHR(last_error_hr);
wcscpy_s(time_string, std::size(time_string), L"Unknown");
UNSAFE_TODO(wcscpy_s(time_string, std::size(time_string), L"Unknown"));
}
LOGFN(INFO) << "Start: " << time_string;
@ -216,7 +218,7 @@ int APIENTRY wWinMain(HINSTANCE hInstance,
time_string, std::size(time_string)) == 0) {
HRESULT last_error_hr = HRESULT_FROM_WIN32(::GetLastError());
LOGFN(ERROR) << "GetTimeFormatEx(end) hr=" << putHR(last_error_hr);
wcscpy_s(time_string, std::size(time_string), L"Unknown");
UNSAFE_TODO(wcscpy_s(time_string, std::size(time_string), L"Unknown"));
}
LOGFN(INFO) << (SUCCEEDED(hr) ? "Setup completed successfully"

3
chrome/elevation_service/elevator.cc

@ -12,6 +12,7 @@
#include <vector>
#include "base/command_line.h"
#include "base/compiler_specific.h"
#include "base/files/file_path.h"
#include "base/logging.h"
#include "base/numerics/safe_conversions.h"
@ -253,7 +254,7 @@ std::string Elevator::PopFromStringFront(std::string& str) {
return std::string();
auto it = str.begin();
// Obtain the size.
memcpy(&size, str.c_str(), sizeof(size));
UNSAFE_TODO(memcpy(&size, str.c_str(), sizeof(size)));
// Skip over the size field.
std::string value;
if (size) {

5
chrome/elevation_service/service_main_unittest.cc

@ -7,6 +7,7 @@
#include <string>
#include <utility>
#include "base/compiler_specific.h"
#include "base/containers/heap_array.h"
#include "base/files/file_path.h"
#include "base/path_service.h"
@ -105,7 +106,7 @@ TEST_F(ServiceMainTest, EncryptDecryptTest) {
BSTR input = ::SysAllocStringByteLen(nullptr, plaintext.length());
ASSERT_TRUE(input);
memcpy(input, plaintext.data(), plaintext.length());
UNSAFE_TODO(memcpy(input, plaintext.data(), plaintext.length()));
base::win::ScopedBstr output;
DWORD last_error;
HRESULT hr =
@ -120,7 +121,7 @@ TEST_F(ServiceMainTest, EncryptDecryptTest) {
output.ByteLength());
BSTR input2 = ::SysAllocStringByteLen(nullptr, encrypted.length());
memcpy(input2, encrypted.data(), encrypted.length());
UNSAFE_TODO(memcpy(input2, encrypted.data(), encrypted.length()));
base::win::ScopedBstr original;
hr = elevator->DecryptData(input2, original.Receive(), &last_error);

4
chrome/install_static/install_details.cc

@ -9,6 +9,7 @@
#include <type_traits>
#include "base/compiler_specific.h"
#include "base/version_info/version_info_values.h"
#include "chrome/chrome_elf/nt_registry/nt_registry.h"
#include "chrome/install_static/install_modes.h"
@ -37,7 +38,8 @@ std::wstring InstallDetails::GetClientStateMediumKeyPath() const {
bool InstallDetails::VersionMismatch() const {
// Check the product version and the size of the mode structure.
return payload_->size != sizeof(Payload) ||
strcmp(payload_->product_version, &kProductVersion[0]) != 0 ||
UNSAFE_TODO(strcmp(payload_->product_version, &kProductVersion[0])) !=
0 ||
payload_->mode->size != sizeof(InstallConstants);
}

11
chrome/installer/setup/installer_state_unittest.cc

@ -13,6 +13,7 @@
#include "base/base_paths.h"
#include "base/command_line.h"
#include "base/compiler_specific.h"
#include "base/files/file_path.h"
#include "base/files/file_util.h"
#include "base/files/scoped_temp_dir.h"
@ -178,8 +179,9 @@ TEST_F(InstallerStateTest, InitializeTwice) {
EXPECT_EQ(InstallerState::USER_LEVEL, installer_state.level());
EXPECT_EQ(InstallerState::SINGLE_INSTALL_OR_UPDATE,
installer_state.operation());
EXPECT_TRUE(wcsstr(installer_state.target_path().value().c_str(),
install_static::GetChromeInstallSubDirectory().c_str()));
EXPECT_TRUE(UNSAFE_TODO(
wcsstr(installer_state.target_path().value().c_str(),
install_static::GetChromeInstallSubDirectory().c_str())));
EXPECT_FALSE(installer_state.verbose_logging());
EXPECT_EQ(installer_state.state_key(),
install_static::GetClientStateKeyPath());
@ -196,8 +198,9 @@ TEST_F(InstallerStateTest, InitializeTwice) {
EXPECT_EQ(InstallerState::SYSTEM_LEVEL, installer_state.level());
EXPECT_EQ(InstallerState::SINGLE_INSTALL_OR_UPDATE,
installer_state.operation());
EXPECT_TRUE(wcsstr(installer_state.target_path().value().c_str(),
install_static::GetChromeInstallSubDirectory().c_str()));
EXPECT_TRUE(UNSAFE_TODO(
wcsstr(installer_state.target_path().value().c_str(),
install_static::GetChromeInstallSubDirectory().c_str())));
EXPECT_TRUE(installer_state.verbose_logging());
EXPECT_EQ(installer_state.state_key(),
install_static::GetClientStateKeyPath());

7
chrome/installer/setup/setup_util_unittest.cc

@ -16,6 +16,7 @@
#include "base/base64.h"
#include "base/command_line.h"
#include "base/compiler_specific.h"
#include "base/containers/contains.h"
#include "base/files/file_util.h"
#include "base/files/scoped_temp_dir.h"
@ -582,7 +583,8 @@ TEST(SetupUtilTest, StoreDMTokenToRegistrySuccess) {
key.ReadValue(name.c_str(), raw_value.data(), &size, &dtype));
EXPECT_EQ(REG_BINARY, dtype);
ASSERT_EQ(kExpectedSize, size);
EXPECT_EQ(0, memcmp(token.data(), raw_value.data(), kExpectedSize));
EXPECT_EQ(0,
UNSAFE_TODO(memcmp(token.data(), raw_value.data(), kExpectedSize)));
std::tie(key, name) = InstallUtil::GetCloudManagementDmTokenLocation(
InstallUtil::ReadOnly(true), InstallUtil::BrowserLocation(true));
@ -593,7 +595,8 @@ TEST(SetupUtilTest, StoreDMTokenToRegistrySuccess) {
key.ReadValue(name.c_str(), raw_value.data(), &size, &dtype));
EXPECT_EQ(REG_BINARY, dtype);
ASSERT_EQ(kExpectedSize, size);
EXPECT_EQ(0, memcmp(token.data(), raw_value.data(), kExpectedSize));
EXPECT_EQ(0,
UNSAFE_TODO(memcmp(token.data(), raw_value.data(), kExpectedSize)));
}
TEST(SetupUtilTest, StoreDMTokenToRegistryShouldFailWhenDMTokenTooLarge) {

5
chrome/installer/util/install_service_work_item_unittest.cc

@ -2,6 +2,11 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifdef UNSAFE_BUFFERS_BUILD
// TODO(crbug.com/390223051): Remove C-library calls to fix the errors.
#pragma allow_unsafe_libc_calls
#endif
#include "chrome/installer/util/install_service_work_item.h"
#include <shlobj.h>

3
chrome/test/chromedriver/keycode_text_conversion_win.cc

@ -21,8 +21,7 @@ bool ConvertKeyCodeToText(
ui::KeyboardCode key_code, int modifiers, std::string* text,
std::string* error_msg) {
UINT scan_code = ::MapVirtualKeyW(key_code, MAPVK_VK_TO_VSC);
BYTE keyboard_state[256];
memset(keyboard_state, 0, 256);
BYTE keyboard_state[256] = {};
*error_msg = std::string();
if (modifiers & kShiftKeyModifierMask)
keyboard_state[VK_SHIFT] |= 0x80;

4
chrome/updater/util/win_util.cc

@ -108,8 +108,8 @@ HRESULT GetSidIntegrityLevel(PSID sid, MANDATORY_LEVEL* level) {
}
constexpr SID_IDENTIFIER_AUTHORITY kMandatoryLabelAuth =
SECURITY_MANDATORY_LABEL_AUTHORITY;
if (std::memcmp(authority, &kMandatoryLabelAuth,
sizeof(SID_IDENTIFIER_AUTHORITY))) {
if (UNSAFE_TODO(std::memcmp(authority, &kMandatoryLabelAuth,
sizeof(SID_IDENTIFIER_AUTHORITY)))) {
return E_FAIL;
}
PUCHAR count = ::GetSidSubAuthorityCount(sid);

3
components/crash/core/app/fallback_crash_handler_win_unittest.cc

@ -12,6 +12,7 @@
#include "base/base_switches.h"
#include "base/check_op.h"
#include "base/command_line.h"
#include "base/compiler_specific.h"
#include "base/files/file_path.h"
#include "base/files/scoped_temp_dir.h"
#include "base/process/process_handle.h"
@ -37,7 +38,7 @@ class ExceptionPointers {
public:
ExceptionPointers() {
RtlCaptureContext(&context_);
memset(&exception_, 0, sizeof(exception_));
UNSAFE_TODO(memset(&exception_, 0, sizeof(exception_)));
exception_.ExceptionCode = EXCEPTION_ACCESS_VIOLATION;
exception_ptrs_.ExceptionRecord = &exception_;

3
components/named_mojo_ipc_server/named_mojo_server_endpoint_connector_win.cc

@ -12,6 +12,7 @@
#include <utility>
#include "base/check.h"
#include "base/compiler_specific.h"
#include "base/functional/bind.h"
#include "base/logging.h"
#include "base/memory/scoped_refptr.h"
@ -116,7 +117,7 @@ void NamedMojoServerEndpointConnectorWin::Connect() {
// The |lpOverlapped| argument of ConnectNamedPipe() has the annotation of
// [in, out, optional], so we reset the content before passing it in, just to
// be safe.
memset(&connect_overlapped_, 0, sizeof(connect_overlapped_));
UNSAFE_TODO(memset(&connect_overlapped_, 0, sizeof(connect_overlapped_)));
connect_overlapped_.hEvent = client_connected_event_.handle();
BOOL ok =
ConnectNamedPipe(pending_named_pipe_handle_.Get(), &connect_overlapped_);

3
components/winhttp/scoped_winttp_proxy_info.h

@ -11,6 +11,7 @@
#include <string>
#include "base/compiler_specific.h"
#include "base/logging.h"
namespace winhttp {
@ -94,7 +95,7 @@ class ScopedWinHttpProxyInfo {
return nullptr;
}
memcpy(string_mem, str.data(), size_in_bytes);
UNSAFE_TODO(memcpy(string_mem, str.data(), size_in_bytes));
return string_mem;
}
WINHTTP_PROXY_INFO proxy_info_ = {};

3
device/base/device_info_query_win.cc

@ -7,6 +7,7 @@
#include <stddef.h>
#include <string.h>
#include "base/compiler_specific.h"
#include "base/strings/string_util.h"
#include "base/strings/utf_string_conversions.h"
@ -14,7 +15,7 @@ namespace device {
DeviceInfoQueryWin::DeviceInfoQueryWin()
: device_info_list_(SetupDiCreateDeviceInfoList(nullptr, nullptr)) {
memset(&device_info_data_, 0, sizeof(device_info_data_));
UNSAFE_TODO(memset(&device_info_data_, 0, sizeof(device_info_data_)));
}
DeviceInfoQueryWin::~DeviceInfoQueryWin() {

3
device/base/device_monitor_win.cc

@ -13,6 +13,7 @@
#include <memory>
#include "base/at_exit.h"
#include "base/compiler_specific.h"
#include "base/functional/bind.h"
#include "base/functional/callback_helpers.h"
#include "base/logging.h"
@ -33,7 +34,7 @@ DeviceMonitorMessageWindow* g_message_window;
// STL map.
struct CompareGUID {
bool operator()(const GUID& a, const GUID& b) const {
return memcmp(&a, &b, sizeof a) < 0;
return UNSAFE_TODO(memcmp(&a, &b, sizeof a)) < 0;
}
};
} // namespace

15
device/bluetooth/bluetooth_socket_win.cc

@ -10,6 +10,7 @@
#include <string>
#include <utility>
#include "base/compiler_specific.h"
#include "base/functional/bind.h"
#include "base/functional/callback_helpers.h"
#include "base/logging.h"
@ -63,10 +64,12 @@ namespace device {
struct BluetoothSocketWin::ServiceRegData {
ServiceRegData() {
ZeroMemory(&address, sizeof(address));
ZeroMemory(&address_info, sizeof(address_info));
ZeroMemory(&uuid, sizeof(uuid));
ZeroMemory(&service, sizeof(service));
UNSAFE_TODO({
ZeroMemory(&address, sizeof(address));
ZeroMemory(&address_info, sizeof(address_info));
ZeroMemory(&uuid, sizeof(uuid));
ZeroMemory(&service, sizeof(service));
});
}
SOCKADDR_BTH address;
@ -193,7 +196,7 @@ void BluetoothSocketWin::DoConnect(base::OnceClosure success_callback,
net::EnsureWinsockInit();
SOCKET socket_fd = socket(AF_BTH, SOCK_STREAM, BTHPROTO_RFCOMM);
SOCKADDR_BTH sa;
ZeroMemory(&sa, sizeof(sa));
UNSAFE_TODO(ZeroMemory(&sa, sizeof(sa)));
sa.addressFamily = AF_BTH;
sa.port = rfcomm_channel_;
sa.btAddr = bth_addr_;
@ -262,7 +265,7 @@ void BluetoothSocketWin::DoListen(const BluetoothUUID& uuid,
SOCKADDR_BTH sa;
struct sockaddr* sock_addr = reinterpret_cast<struct sockaddr*>(&sa);
int sock_addr_len = sizeof(sa);
ZeroMemory(&sa, sock_addr_len);
UNSAFE_TODO(ZeroMemory(&sa, sock_addr_len));
sa.addressFamily = AF_BTH;
sa.port = rfcomm_channel ? rfcomm_channel : BT_PORT_ANY;
if (bind(socket_fd, sock_addr, sock_addr_len) < 0) {

8
media/cdm/win/media_foundation_cdm_util.cc

@ -4,11 +4,13 @@
#include "media/cdm/win/media_foundation_cdm_util.h"
#include <combaseapi.h>
#include <initguid.h> // Needed for DEFINE_PROPERTYKEY to work properly.
#include <combaseapi.h>
#include <mferror.h>
#include <propkeydef.h> // Needed for DEFINE_PROPERTYKEY.
#include "base/compiler_specific.h"
#include "base/files/file_util.h"
#include "base/strings/utf_string_conversions.h"
#include "base/win/propvarutil.h"
@ -142,8 +144,8 @@ HRESULT BuildCdmProperties(
client_token_propvar->caub.cElems = client_token->size();
client_token_propvar->caub.pElems = reinterpret_cast<unsigned char*>(
CoTaskMemAlloc(client_token->size() * sizeof(char)));
memcpy(client_token_propvar->caub.pElems, client_token->data(),
client_token->size());
UNSAFE_TODO(memcpy(client_token_propvar->caub.pElems, client_token->data(),
client_token->size()));
RETURN_IF_FAILED(temp_properties->SetValue(
EME_CONTENTDECRYPTIONMODULE_CLIENT_TOKEN, client_token_var.get()));

10
media/gpu/windows/d3d12_video_processor_wrapper.cc

@ -4,6 +4,7 @@
#include "media/gpu/windows/d3d12_video_processor_wrapper.h"
#include "base/compiler_specific.h"
#include "base/logging.h"
#include "base/memory/ptr_util.h"
#include "media/gpu/windows/d3d12_helpers.h"
@ -95,10 +96,11 @@ bool D3D12VideoProcessorWrapper::ProcessFrames(
};
HRESULT hr;
if (memcmp(&input_stream_desc, &input_stream_desc_,
sizeof(D3D12_VIDEO_PROCESS_INPUT_STREAM_DESC)) != 0 ||
memcmp(&output_stream_desc, &output_stream_desc_,
sizeof(D3D12_VIDEO_PROCESS_OUTPUT_STREAM_DESC)) != 0) {
if (UNSAFE_TODO(memcmp(&input_stream_desc, &input_stream_desc_,
sizeof(D3D12_VIDEO_PROCESS_INPUT_STREAM_DESC))) != 0 ||
UNSAFE_TODO(memcmp(&output_stream_desc, &output_stream_desc_,
sizeof(D3D12_VIDEO_PROCESS_OUTPUT_STREAM_DESC))) !=
0) {
D3D12_FEATURE_DATA_VIDEO_PROCESS_SUPPORT support{
.InputSample = {.Width = static_cast<UINT>(input_texture_desc.Width),
.Height = input_texture_desc.Height,

5
mojo/core/test/test_utils_win.cc

@ -2,6 +2,11 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifdef UNSAFE_BUFFERS_BUILD
// TODO(crbug.com/390223051): Remove C-library calls to fix the errors.
#pragma allow_unsafe_libc_calls
#endif
#include "mojo/core/test/test_utils.h"
#include <windows.h>

3
mojo/public/cpp/platform/platform_channel_server_win.cc

@ -11,6 +11,7 @@
#include <utility>
#include "base/check.h"
#include "base/compiler_specific.h"
#include "base/memory/weak_ptr.h"
#include "base/task/current_thread.h"
#include "base/task/sequenced_task_runner.h"
@ -27,7 +28,7 @@ class ListenerImpl : public PlatformChannelServer::Listener,
public base::win::ObjectWatcher::Delegate {
public:
ListenerImpl() {
memset(&connect_overlapped_, 0, sizeof(connect_overlapped_));
UNSAFE_TODO(memset(&connect_overlapped_, 0, sizeof(connect_overlapped_)));
}
~ListenerImpl() override {

3
net/base/network_change_notifier_win.cc

@ -10,6 +10,7 @@
#include <utility>
#include "base/compiler_specific.h"
#include "base/feature_list.h"
#include "base/functional/bind.h"
#include "base/location.h"
@ -45,7 +46,7 @@ NetworkChangeNotifierWin::NetworkChangeNotifierWin()
CONNECTION_NONE),
sequence_runner_for_registration_(
base::SequencedTaskRunner::GetCurrentDefault()) {
memset(&addr_overlapped_, 0, sizeof addr_overlapped_);
UNSAFE_TODO(memset(&addr_overlapped_, 0, sizeof addr_overlapped_));
addr_overlapped_.hEvent = WSACreateEvent();
cost_change_notifier_ = NetworkCostChangeNotifierWin::CreateInstance(

2
net/dns/dns_config_service_win.cc

@ -98,7 +98,7 @@ ReadAdapterUnicastAddresses() {
for (unsigned tries = 0; (tries < 3) && (rv == ERROR_BUFFER_OVERFLOW);
tries++) {
out.reset(static_cast<PIP_ADAPTER_ADDRESSES>(malloc(len)));
memset(out.get(), 0, len);
UNSAFE_TODO(memset(out.get(), 0, len));
rv = GetAdaptersAddresses(AF_UNSPEC,
GAA_FLAG_SKIP_ANYCAST | GAA_FLAG_SKIP_DNS_SERVER |
GAA_FLAG_SKIP_MULTICAST |

2
net/dns/public/win_dns_system_settings.cc

@ -140,7 +140,7 @@ ReadAdapterDnsAddresses() {
for (unsigned tries = 0; (tries < 3) && (rv == ERROR_BUFFER_OVERFLOW);
tries++) {
out.reset(static_cast<PIP_ADAPTER_ADDRESSES>(malloc(len)));
memset(out.get(), 0, len);
UNSAFE_TODO(memset(out.get(), 0, len));
rv = GetAdaptersAddresses(AF_UNSPEC,
GAA_FLAG_SKIP_ANYCAST | GAA_FLAG_SKIP_UNICAST |
GAA_FLAG_SKIP_MULTICAST |

5
remoting/host/desktop_display_info_loader_win.cc

@ -10,6 +10,7 @@
#include <limits>
#include <vector>
#include "base/compiler_specific.h"
#include "base/strings/utf_string_conversions.h"
namespace remoting {
@ -111,8 +112,8 @@ DesktopDisplayInfo DesktopDisplayInfoLoaderWin::GetCurrentDisplayInfo() {
// get the friendly name for the device.
std::string monitor_name;
for (const auto& entry : paths_with_names) {
if (wcscmp(entry.source_device_name.viewGdiDeviceName,
device.DeviceName) == 0) {
if (UNSAFE_TODO(wcscmp(entry.source_device_name.viewGdiDeviceName,
device.DeviceName)) == 0) {
monitor_name = GetFriendlyDeviceName(entry.path);
break;
}

2
remoting/host/input_injector_win.cc

@ -44,7 +44,7 @@ void SendKeyboardInput(uint32_t flags,
uint16_t virtual_key) {
// Populate a Windows INPUT structure for the event.
INPUT input;
memset(&input, 0, sizeof(input));
UNSAFE_TODO(memset(&input, 0, sizeof(input)));
input.type = INPUT_KEYBOARD;
input.ki.time = 0;
input.ki.dwFlags = flags;

5
remoting/host/touch_injector_win.cc

@ -7,6 +7,7 @@
#include <string>
#include <utility>
#include "base/compiler_specific.h"
#include "base/files/file_path.h"
#include "base/logging.h"
#include "base/native_library.h"
@ -231,7 +232,7 @@ void TouchInjectorWin::AddNewTouchPoints(const TouchEvent& event) {
for (const TouchEventPoint& touch_point : event.touch_points()) {
POINTER_TOUCH_INFO pointer_touch_info;
memset(&pointer_touch_info, 0, sizeof(pointer_touch_info));
UNSAFE_TODO(memset(&pointer_touch_info, 0, sizeof(pointer_touch_info)));
pointer_touch_info.pointerInfo.pointerFlags =
POINTER_FLAG_INRANGE | POINTER_FLAG_INCONTACT | POINTER_FLAG_DOWN;
ConvertToPointerTouchInfo(touch_point, &pointer_touch_info);
@ -254,7 +255,7 @@ void TouchInjectorWin::MoveTouchPoints(const TouchEvent& event) {
for (const TouchEventPoint& touch_point : event.touch_points()) {
POINTER_TOUCH_INFO* pointer_touch_info =
&touches_in_contact_[touch_point.id()];
memset(pointer_touch_info, 0, sizeof(*pointer_touch_info));
UNSAFE_TODO(memset(pointer_touch_info, 0, sizeof(*pointer_touch_info)));
pointer_touch_info->pointerInfo.pointerFlags =
POINTER_FLAG_INRANGE | POINTER_FLAG_INCONTACT | POINTER_FLAG_UPDATE;
ConvertToPointerTouchInfo(touch_point, pointer_touch_info);

3
rlz/win/lib/rlz_lib_win.cc

@ -13,6 +13,7 @@
#include <memory>
#include "base/compiler_specific.h"
#include "base/win/registry.h"
#include "rlz/lib/assert.h"
#include "rlz/lib/machine_deal_win.h"
@ -150,7 +151,7 @@ bool CreateMachineState() {
// Add ALL-USERS ALL-ACCESS ACL.
EXPLICIT_ACCESS ea;
ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
UNSAFE_TODO(ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS)));
ea.grfAccessPermissions = GENERIC_ALL | KEY_ALL_ACCESS;
ea.grfAccessMode = GRANT_ACCESS;
ea.grfInheritance= SUB_CONTAINERS_AND_OBJECTS_INHERIT;

5
sandbox/win/src/lpc_policy_test.cc

@ -2,6 +2,11 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifdef UNSAFE_BUFFERS_BUILD
// TODO(crbug.com/390223051): Remove C-library calls to fix the errors.
#pragma allow_unsafe_libc_calls
#endif
// These tests have been added to specifically tests issues arising from (A)LPC
// lock down.

6
sandbox/win/src/policy_opcodes_unittest.cc

@ -2,11 +2,11 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "sandbox/win/src/policy_engine_opcodes.h"
#include <stddef.h>
#include <stdint.h>
#include "base/compiler_specific.h"
#include "sandbox/win/src/policy_engine_opcodes.h"
#include "sandbox/win/src/policy_engine_params.h"
#include "sandbox/win/src/sandbox_nt_types.h"
#include "sandbox/win/src/sandbox_nt_util.h"
@ -45,7 +45,7 @@ TEST(PolicyEngineTest, ParameterSetTest) {
ParameterSet pset4 = ParamPickerMake(txt);
const wchar_t* result3 = nullptr;
EXPECT_TRUE(pset4.Get(&result3));
EXPECT_EQ(0, wcscmp(txt, result3));
EXPECT_EQ(0, UNSAFE_TODO(wcscmp(txt, result3)));
}
TEST(PolicyEngineTest, OpcodeConstraints) {

4
sandbox/win/src/policy_target_test.cc

@ -6,6 +6,7 @@
#include <string_view>
#include "base/compiler_specific.h"
#include "base/environment.h"
#include "base/memory/read_only_shared_memory_region.h"
#include "base/memory/writable_shared_memory_region.h"
@ -488,7 +489,8 @@ TEST(PolicyTargetTest, ShareHandleTest) {
ASSERT_TRUE(writable_region.IsValid());
base::WritableSharedMemoryMapping writable_mapping = writable_region.Map();
ASSERT_TRUE(writable_mapping.IsValid());
memcpy(writable_mapping.memory(), contents.data(), contents.size());
UNSAFE_TODO(
memcpy(writable_mapping.memory(), contents.data(), contents.size()));
// Get the path to the sandboxed app.
wchar_t prog_name[MAX_PATH];

3
sandbox/win/src/process_mitigations_extensionpoints_unittest.cc

@ -6,6 +6,7 @@
#include <psapi.h>
#include "base/compiler_specific.h"
#include "base/scoped_native_library.h"
#include "base/win/registry.h"
#include "base/win/startup_information.h"
@ -310,7 +311,7 @@ void TestWin8ExtensionPointAppInitWrapper(bool is_success_test) {
wchar_t name[MAX_PATH] = {};
if (::GetModuleFileNameExW(proc_info.hProcess, module, name,
MAX_PATH) &&
::wcsstr(name, hooking_dll::g_hook_dll_file)) {
UNSAFE_TODO(::wcsstr(name, hooking_dll::g_hook_dll_file))) {
// Found it.
dll_loaded = true;
break;

5
sandbox/win/src/process_policy_test.cc

@ -5,6 +5,7 @@
#include <memory>
#include <string>
#include "base/compiler_specific.h"
#include "base/memory/free_deleter.h"
#include "base/strings/sys_string_conversions.h"
#include "base/win/scoped_handle.h"
@ -104,8 +105,8 @@ SBOX_TESTS_COMMAND int Process_Crash(int argc, wchar_t** argv) {
// Generate a event name, used to test thread creation.
std::wstring GenerateEventName(DWORD pid) {
wchar_t buff[30] = {};
int res = swprintf_s(buff, sizeof(buff) / sizeof(buff[0]),
L"ProcessPolicyTest_%08x", pid);
int res = UNSAFE_TODO(swprintf_s(buff, sizeof(buff) / sizeof(buff[0]),
L"ProcessPolicyTest_%08x", pid));
if (-1 != res) {
return std::wstring(buff);
}

5
sandbox/win/src/service_resolver_64.cc

@ -5,13 +5,14 @@
#include "sandbox/win/src/service_resolver.h"
#include <windows.h>
#include <winternl.h>
#include <ntstatus.h>
#include <stddef.h>
#include <winternl.h>
#include <memory>
#include "base/compiler_specific.h"
#include "base/containers/heap_array.h"
namespace {
@ -247,7 +248,7 @@ bool ServiceResolverThunk::IsFunctionAService(void* local_thunk) const {
return false;
// Save the verified code.
memcpy(local_thunk, &function_code, sizeof(function_code));
UNSAFE_TODO(memcpy(local_thunk, &function_code, sizeof(function_code)));
return true;
}

7
sandbox/win/src/service_resolver_unittest.cc

@ -12,6 +12,7 @@
#include <memory>
#include "base/bit_cast.h"
#include "base/compiler_specific.h"
#include "base/memory/raw_ptr.h"
#include "sandbox/win/src/nt_internals.h"
#include "sandbox/win/src/resolver.h"
@ -70,7 +71,7 @@ NTSTATUS PatchNtdllWithResolver(const char* function,
return STATUS_UNSUCCESSFUL;
BYTE service[50];
memcpy(service, target, sizeof(service));
UNSAFE_TODO(memcpy(service, target, sizeof(service)));
resolver.set_target(service);
@ -87,7 +88,7 @@ NTSTATUS PatchNtdllWithResolver(const char* function,
if (NT_SUCCESS(ret)) {
const BYTE kJump32 = 0xE9;
EXPECT_EQ(thunk_size, used);
EXPECT_NE(0, memcmp(service, target, sizeof(service)));
EXPECT_NE(0, UNSAFE_TODO(memcmp(service, target, sizeof(service))));
EXPECT_NE(kJump32, service[0]);
if (relaxed) {
@ -186,7 +187,7 @@ TEST(ServiceResolverTest, LocalPatchesAllowed) {
ASSERT_TRUE(target);
BYTE service[50];
memcpy(service, target, sizeof(service));
UNSAFE_TODO(memcpy(service, target, sizeof(service)));
resolver.set_target(service);
// Any pointer will do as an interception_entry_point

7
sandbox/win/tests/common/test_utils.cc

@ -9,6 +9,7 @@
#include <stddef.h>
#include <winioctl.h>
#include "base/compiler_specific.h"
#include "base/numerics/safe_conversions.h"
namespace sandbox {
@ -42,7 +43,8 @@ typedef struct _REPARSE_DATA_BUFFER {
// Sets a reparse point. |source| will now point to |target|. Returns true if
// the call succeeds, false otherwise.
bool SetReparsePoint(HANDLE source, const wchar_t* target) {
USHORT size_target = static_cast<USHORT>(wcslen(target)) * sizeof(target[0]);
USHORT size_target =
static_cast<USHORT>(UNSAFE_TODO(wcslen(target))) * sizeof(target[0]);
char buffer[2000] = {};
DWORD returned;
@ -50,7 +52,8 @@ bool SetReparsePoint(HANDLE source, const wchar_t* target) {
REPARSE_DATA_BUFFER* data = reinterpret_cast<REPARSE_DATA_BUFFER*>(buffer);
data->ReparseTag = IO_REPARSE_TAG_MOUNT_POINT;
memcpy(data->MountPointReparseBuffer.PathBuffer, target, size_target + 2);
UNSAFE_TODO(memcpy(data->MountPointReparseBuffer.PathBuffer, target,
size_target + 2));
data->MountPointReparseBuffer.SubstituteNameLength = size_target;
data->MountPointReparseBuffer.PrintNameOffset = size_target + 2;
data->ReparseDataLength = size_target + 4 + 8;

3
services/device/usb/usb_device_handle_win.cc

@ -19,6 +19,7 @@
#include <utility>
#include <vector>
#include "base/compiler_specific.h"
#include "base/containers/contains.h"
#include "base/functional/bind.h"
#include "base/location.h"
@ -142,7 +143,7 @@ class UsbDeviceHandleWin::Request : public base::win::ObjectWatcher::Delegate {
: handle_(handle),
interface_number_(interface_number),
event_(CreateEvent(nullptr, false, false, nullptr)) {
memset(&overlapped_, 0, sizeof(overlapped_));
UNSAFE_TODO(memset(&overlapped_, 0, sizeof(overlapped_)));
overlapped_.hEvent = event_.Get();
}

6
skia/ext/raster_handle_allocator_win.cc

@ -9,6 +9,7 @@
#include <string.h>
#include "base/check_op.h"
#include "base/compiler_specific.h"
#include "base/debug/gdi_debug_util_win.h"
#include "base/logging.h"
#include "base/memory/ptr_util.h"
@ -59,8 +60,9 @@ static bool Create(int width,
// The HBITMAP is 32-bit RGB data. A size_t causes a type change from int when
// multiplying against the dimensions.
const size_t bpp = 4;
if (do_clear)
memset(pixels, 0, width * bpp * height);
if (do_clear) {
UNSAFE_TODO(memset(pixels, 0, width * bpp * height));
}
HDC hdc = CreateCompatibleDC(nullptr);
if (!hdc)

3
ui/base/ime/win/on_screen_keyboard_display_manager_tab_tip.cc

@ -12,6 +12,7 @@
#include "base/base_switches.h"
#include "base/command_line.h"
#include "base/compiler_specific.h"
#include "base/functional/bind.h"
#include "base/location.h"
#include "base/logging.h"
@ -318,7 +319,7 @@ bool OnScreenKeyboardDisplayManagerTabTip::GetOSKPath(std::wstring* osk_path) {
return false;
}
osk_path->resize(wcslen(osk_path->c_str()));
osk_path->resize(UNSAFE_TODO(wcslen(osk_path->c_str())));
*osk_path = base::ToLowerASCII(*osk_path);

3
ui/display/win/color_profile_reader.cc

@ -8,6 +8,7 @@
#include <stddef.h>
#include "base/compiler_specific.h"
#include "base/files/file_util.h"
#include "base/functional/bind.h"
#include "base/task/thread_pool.h"
@ -25,7 +26,7 @@ BOOL CALLBACK EnumMonitorForProfilePathCallback(HMONITOR monitor,
LPARAM data) {
std::wstring device_name;
MONITORINFOEX monitor_info;
::ZeroMemory(&monitor_info, sizeof(monitor_info));
UNSAFE_TODO(::ZeroMemory(&monitor_info, sizeof(monitor_info)));
monitor_info.cbSize = sizeof(monitor_info);
::GetMonitorInfo(monitor, &monitor_info);
device_name = std::wstring(monitor_info.szDevice);

5
ui/display/win/display_config_helper.cc

@ -6,6 +6,8 @@
#include <vector>
#include "base/compiler_specific.h"
namespace display::win {
namespace {
@ -65,7 +67,8 @@ DISPLAY_EXPORT std::optional<DISPLAYCONFIG_PATH_INFO> GetDisplayConfigPathInfo(
device_name.header.adapterId = info.sourceInfo.adapterId;
device_name.header.id = info.sourceInfo.id;
if ((::DisplayConfigGetDeviceInfo(&device_name.header) == ERROR_SUCCESS) &&
(wcscmp(monitor_info.szDevice, device_name.viewGdiDeviceName) == 0)) {
(UNSAFE_TODO(wcscmp(monitor_info.szDevice,
device_name.viewGdiDeviceName)) == 0)) {
return info;
}
}

3
ui/display/win/display_info.cc

@ -6,6 +6,7 @@
#include <string.h>
#include "base/compiler_specific.h"
#include "base/hash/hash.h"
#include "base/metrics/histogram_functions.h"
#include "base/rand_util.h"
@ -22,7 +23,7 @@ namespace {
template <size_t N>
std::wstring_view FixedArrayToStringView(
const std::wstring_view::value_type (&str)[N]) {
return std::wstring_view(str, ::wcsnlen(str, N));
return std::wstring_view(str, UNSAFE_TODO(::wcsnlen(str, N)));
}
} // namespace

3
ui/display/win/screen_win.cc

@ -12,6 +12,7 @@
#include <optional>
#include <sstream>
#include "base/compiler_specific.h"
#include "base/containers/contains.h"
#include "base/containers/flat_set.h"
#include "base/debug/alias.h"
@ -575,7 +576,7 @@ gfx::Point DIPToScreenPoint(const gfx::Point& dip_point,
// Create a fake FHD display used in case no displays are ever conneceted.
ScreenWinDisplay CreateFallbackPrimaryScreenDisplay() {
MONITORINFOEX monitor_info;
::ZeroMemory(&monitor_info, sizeof(monitor_info));
UNSAFE_TODO(::ZeroMemory(&monitor_info, sizeof(monitor_info)));
monitor_info.cbSize = sizeof(monitor_info);
monitor_info.rcMonitor = gfx::Rect{1920, 1080}.ToRECT();
monitor_info.rcWork = monitor_info.rcMonitor;

4
ui/events/event_utils.h

@ -13,6 +13,7 @@
#include <vector>
#include "base/bits.h"
#include "base/compiler_specific.h"
#include "build/build_config.h"
#include "ui/display/display.h"
#include "ui/events/base_event_utils.h"
@ -223,7 +224,8 @@ template <base::bits::UnsignedInteger T>
Event::PropertyValue ConvertToEventPropertyValue(const T& value) {
Event::PropertyValue property_value;
property_value.resize(sizeof(T));
std::memcpy(property_value.data(), &value, property_value.size());
UNSAFE_TODO(
std::memcpy(property_value.data(), &value, property_value.size()));
return property_value;
}

8
ui/events/win/stylus_handwriting_properties_win.cc

@ -6,6 +6,7 @@
#include <ShellHandwriting.h>
#include "base/compiler_specific.h"
#include "base/debug/dump_without_crashing.h"
#include "base/trace_event/trace_event.h"
#include "ui/events/event_utils.h"
@ -70,8 +71,8 @@ std::optional<StylusHandwritingPropertiesWin> GetStylusHandwritingProperties(
if (it != event_properties->end()) {
CHECK_EQ(it->second.size(), sizeof(uint32_t));
uint32_t handwriting_pointer_id = 0;
std::memcpy(&handwriting_pointer_id, it->second.data(),
it->second.size());
UNSAFE_TODO(std::memcpy(&handwriting_pointer_id, it->second.data(),
it->second.size()));
handwriting_properties =
std::make_optional<StylusHandwritingPropertiesWin>();
handwriting_properties->handwriting_pointer_id = handwriting_pointer_id;
@ -81,7 +82,8 @@ std::optional<StylusHandwritingPropertiesWin> GetStylusHandwritingProperties(
if (it != event_properties->end()) {
CHECK_EQ(it->second.size(), sizeof(uint64_t));
uint64_t handwriting_stroke_id = 0;
std::memcpy(&handwriting_stroke_id, it->second.data(), it->second.size());
UNSAFE_TODO(std::memcpy(&handwriting_stroke_id, it->second.data(),
it->second.size()));
if (!handwriting_properties.has_value()) [[unlikely]] {
handwriting_properties =
std::make_optional<StylusHandwritingPropertiesWin>();

5
ui/gfx/gdi_util.cc

@ -9,6 +9,7 @@
#include <algorithm>
#include <memory>
#include "base/compiler_specific.h"
#include "skia/ext/skia_utils_win.h"
namespace gfx {
@ -20,8 +21,8 @@ void CreateBitmapV4HeaderForARGB888(int width,
// copy the bits over to the v4 header.
BITMAPINFOHEADER header_v3;
skia::CreateBitmapHeaderForXRGB888(width, height, &header_v3);
memset(hdr, 0, sizeof(BITMAPV4HEADER));
memcpy(hdr, &header_v3, sizeof(BITMAPINFOHEADER));
UNSAFE_TODO(memset(hdr, 0, sizeof(BITMAPV4HEADER)));
UNSAFE_TODO(memcpy(hdr, &header_v3, sizeof(BITMAPINFOHEADER)));
// Correct the size of the header and fill in the mask values.
hdr->bV4Size = sizeof(BITMAPV4HEADER);

5
ui/gfx/system_fonts_win.cc

@ -6,6 +6,7 @@
#include <windows.h>
#include "base/compiler_specific.h"
#include "base/containers/flat_map.h"
#include "base/logging.h"
#include "base/no_destructor.h"
@ -79,8 +80,8 @@ class SystemFonts {
new_height = logfont->lfHeight > 0 ? 1 : -1;
logfont->lfHeight = new_height;
if (!font_adjustment.font_family_override.empty()) {
auto result = wcscpy_s(logfont->lfFaceName,
font_adjustment.font_family_override.c_str());
auto result = UNSAFE_TODO(wcscpy_s(
logfont->lfFaceName, font_adjustment.font_family_override.c_str()));
DCHECK_EQ(0, result) << "Font name "
<< font_adjustment.font_family_override
<< " cannot be copied into LOGFONT structure.";

3
ui/gfx/system_fonts_win_unittest.cc

@ -7,6 +7,7 @@
#include <windows.h>
#include "base/check_op.h"
#include "base/compiler_specific.h"
#include "base/strings/utf_string_conversions.h"
#include "build/build_config.h"
#include "testing/gtest/include/gtest/gtest.h"
@ -38,7 +39,7 @@ class SystemFontsWinTest : public testing::Test {
LOGFONT CreateLOGFONT(const wchar_t* name, LONG height) {
LOGFONT logfont = {};
logfont.lfHeight = height;
auto result = wcscpy_s(logfont.lfFaceName, name);
auto result = UNSAFE_TODO(wcscpy_s(logfont.lfFaceName, name));
DCHECK_EQ(0, result);
return logfont;
}

5
ui/gfx/win/physical_size.cc

@ -12,6 +12,7 @@
#include <memory>
#include "base/check_op.h"
#include "base/compiler_specific.h"
#include "base/memory/free_deleter.h"
#include "base/scoped_generic.h"
#include "base/strings/utf_string_conversions.h"
@ -43,7 +44,7 @@ bool GetSizeFromRegistry(HDEVINFO device_info_list,
return false;
BYTE data[128]; // EDID block is exactly 128 bytes long.
ZeroMemory(&data[0], sizeof(data));
UNSAFE_TODO(ZeroMemory(&data[0], sizeof(data)));
DWORD data_length = sizeof(data);
LONG return_value =
reg_key.ReadValue(L"EDID", &data[0], &data_length, nullptr);
@ -143,7 +144,7 @@ std::vector<PhysicalDisplaySize> GetPhysicalSizeForDisplays() {
EDD_GET_DEVICE_INTERFACE_NAME)) {
wchar_t* attached_device_id = attached_device.DeviceID;
wchar_t* setup_device_path = interface_detail->DevicePath;
if (wcsicmp(attached_device_id, setup_device_path) == 0) {
if (UNSAFE_TODO(wcsicmp(attached_device_id, setup_device_path)) == 0) {
int width_mm;
int height_mm;
bool found = GetSizeFromRegistry(device_info_list.get(), &device_info,

3
ui/gfx/win/window_impl.cc

@ -7,6 +7,7 @@
#include <list>
#include "base/at_exit.h"
#include "base/compiler_specific.h"
#include "base/debug/alias.h"
#include "base/debug/dump_without_crashing.h"
#include "base/functional/bind.h"
@ -238,7 +239,7 @@ void WindowImpl::Init(HWND parent, const Rect& bounds) {
bool got_valid_hwnd = got_valid_hwnd_;
base::debug::Alias(&got_valid_hwnd);
WNDCLASSEX class_info;
memset(&class_info, 0, sizeof(WNDCLASSEX));
UNSAFE_TODO(memset(&class_info, 0, sizeof(WNDCLASSEX)));
class_info.cbSize = sizeof(WNDCLASSEX);
BOOL got_class =
GetClassInfoEx(GetModuleHandle(nullptr),