From 978847c229d25d36b54d17cfe85e72dcbdff2a2f Mon Sep 17 00:00:00 2001
From: Tom Sepez <tsepez@chromium.org>
Date: Fri, 21 Mar 2025 20:43:59 -0700
Subject: [PATCH] Suppress still another batch of
-Wunsafe-buffers-in-libc-calls warnings.
These are mainly win-specific files this time around.
Bug: 390223051
Change-Id: I07b378500b76896ddb28cf52d4ad2d2d77d0b7f4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6369920
Reviewed-by: Alex Gough <ajgo@chromium.org>
Commit-Queue: Tom Sepez <tsepez@chromium.org>
Owners-Override: Alex Gough <ajgo@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1436413}
---
base/debug/stack_trace_win.cc | 7 ++++---
base/files/file_enumerator_win.cc | 7 ++++---
base/files/file_util_win.cc | 9 +++++----
base/i18n/icu_util.cc | 9 +++++----
base/message_loop/message_pump_win.cc | 3 ++-
base/process/process_iterator_win.cc | 5 +++--
base/sync_socket_win.cc | 6 ++++--
base/test/file_path_reparse_point_win.cc | 5 +++++
base/test/test_file_util_win.cc | 3 ++-
base/win/hstring_reference.cc | 3 ++-
base/win/patch_util.cc | 3 ++-
base/win/security_descriptor.cc | 3 ++-
base/win/winrt_storage_util.cc | 3 ++-
.../test_support/win/fake_ip_adapter_addresses.cc | 5 +++--
.../browser/os_crypt/app_bound_encryption_win.cc | 9 +++++----
chrome/chrome_elf/chrome_elf_main.cc | 5 +++++
chrome/common/win/delay_load_failure_hook.cc | 3 ++-
.../gaiacp/os_gaia_user_manager.cc | 5 +++--
.../gaiacp/scoped_lsa_policy.cc | 9 +++++----
chrome/credential_provider/setup/setup.cc | 6 ++++--
chrome/elevation_service/elevator.cc | 3 ++-
chrome/elevation_service/service_main_unittest.cc | 5 +++--
chrome/install_static/install_details.cc | 4 +++-
.../installer/setup/installer_state_unittest.cc | 11 +++++++----
chrome/installer/setup/setup_util_unittest.cc | 7 +++++--
.../util/install_service_work_item_unittest.cc | 5 +++++
.../chromedriver/keycode_text_conversion_win.cc | 3 +--
chrome/updater/util/win_util.cc | 4 ++--
.../app/fallback_crash_handler_win_unittest.cc | 3 ++-
.../named_mojo_server_endpoint_connector_win.cc | 3 ++-
components/winhttp/scoped_winttp_proxy_info.h | 3 ++-
device/base/device_info_query_win.cc | 3 ++-
device/base/device_monitor_win.cc | 3 ++-
device/bluetooth/bluetooth_socket_win.cc | 15 +++++++++------
media/cdm/win/media_foundation_cdm_util.cc | 8 +++++---
.../gpu/windows/d3d12_video_processor_wrapper.cc | 10 ++++++----
mojo/core/test/test_utils_win.cc | 5 +++++
.../cpp/platform/platform_channel_server_win.cc | 3 ++-
net/base/network_change_notifier_win.cc | 3 ++-
net/dns/dns_config_service_win.cc | 2 +-
net/dns/public/win_dns_system_settings.cc | 2 +-
remoting/host/desktop_display_info_loader_win.cc | 5 +++--
remoting/host/input_injector_win.cc | 2 +-
remoting/host/touch_injector_win.cc | 5 +++--
rlz/win/lib/rlz_lib_win.cc | 3 ++-
sandbox/win/src/lpc_policy_test.cc | 5 +++++
sandbox/win/src/policy_opcodes_unittest.cc | 6 +++---
sandbox/win/src/policy_target_test.cc | 4 +++-
...rocess_mitigations_extensionpoints_unittest.cc | 3 ++-
sandbox/win/src/process_policy_test.cc | 5 +++--
sandbox/win/src/service_resolver_64.cc | 5 +++--
sandbox/win/src/service_resolver_unittest.cc | 7 ++++---
sandbox/win/tests/common/test_utils.cc | 7 +++++--
services/device/usb/usb_device_handle_win.cc | 3 ++-
skia/ext/raster_handle_allocator_win.cc | 6 ++++--
.../on_screen_keyboard_display_manager_tab_tip.cc | 3 ++-
ui/display/win/color_profile_reader.cc | 3 ++-
ui/display/win/display_config_helper.cc | 5 ++++-
ui/display/win/display_info.cc | 3 ++-
ui/display/win/screen_win.cc | 3 ++-
ui/events/event_utils.h | 4 +++-
.../win/stylus_handwriting_properties_win.cc | 8 +++++---
ui/gfx/gdi_util.cc | 5 +++--
ui/gfx/system_fonts_win.cc | 5 +++--
ui/gfx/system_fonts_win_unittest.cc | 3 ++-
ui/gfx/win/physical_size.cc | 5 +++--
ui/gfx/win/window_impl.cc | 3 ++-
67 files changed, 214 insertions(+), 115 deletions(-)
diff --git a/base/debug/stack_trace_win.cc b/base/debug/stack_trace_win.cc
index 1a5e3d64ddb49..7220bd4211cb7 100644
--- a/base/debug/stack_trace_win.cc
+++ b/base/debug/stack_trace_win.cc
@@ -14,6 +14,7 @@
#include <iterator>
#include <memory>
+#include "base/compiler_specific.h"
#include "base/files/file_path.h"
#include "base/logging.h"
#include "base/memory/singleton.h"
@@ -266,7 +267,7 @@ class SymbolContext {
ULONG64 buffer[(sizeof(SYMBOL_INFO) + kMaxNameLength * sizeof(wchar_t) +
sizeof(ULONG64) - 1) /
sizeof(ULONG64)];
- memset(buffer, 0, sizeof(buffer));
+ UNSAFE_TODO(memset(buffer, 0, sizeof(buffer)));
// Initialize symbol information retrieval structures.
DWORD64 sym_displacement = 0;
@@ -346,14 +347,14 @@ void StackTrace::InitTrace(const CONTEXT* context_record) {
// context may have had more register state (YMM, etc) than we need to unwind
// the stack. Typically StackWalk64 only needs integer and control registers.
CONTEXT context_copy;
- memcpy(&context_copy, context_record, sizeof(context_copy));
+ UNSAFE_TODO(memcpy(&context_copy, context_record, sizeof(context_copy)));
context_copy.ContextFlags = CONTEXT_INTEGER | CONTEXT_CONTROL;
// When walking an exception stack, we need to use StackWalk64().
count_ = 0;
// Initialize stack walking.
STACKFRAME64 stack_frame;
- memset(&stack_frame, 0, sizeof(stack_frame));
+ UNSAFE_TODO(memset(&stack_frame, 0, sizeof(stack_frame)));
#if defined(ARCH_CPU_X86_64)
DWORD machine_type = IMAGE_FILE_MACHINE_AMD64;
stack_frame.AddrPC.Offset = context_record->Rip;
diff --git a/base/files/file_enumerator_win.cc b/base/files/file_enumerator_win.cc
index 076f48fbf8eef..e3ae61189157d 100644
--- a/base/files/file_enumerator_win.cc
+++ b/base/files/file_enumerator_win.cc
@@ -9,6 +9,7 @@
#include "base/check.h"
#include "base/check_op.h"
+#include "base/compiler_specific.h"
#include "base/notreached.h"
#include "base/strings/string_util.h"
#include "base/threading/scoped_blocking_call.h"
@@ -37,7 +38,7 @@ FilePath BuildSearchFilter(FileEnumerator::FolderSearchPolicy policy,
// FileEnumerator::FileInfo ----------------------------------------------------
FileEnumerator::FileInfo::FileInfo() {
- memset(&find_data_, 0, sizeof(find_data_));
+ UNSAFE_TODO(memset(&find_data_, 0, sizeof(find_data_)));
}
bool FileEnumerator::FileInfo::IsDirectory() const {
@@ -115,7 +116,7 @@ FileEnumerator::FileEnumerator(const FilePath& root_path,
file_type_ |= (FileType::FILES | FileType::DIRECTORIES);
}
- memset(&find_data_, 0, sizeof(find_data_));
+ UNSAFE_TODO(memset(&find_data_, 0, sizeof(find_data_)));
pending_paths_.push(root_path);
}
@@ -129,7 +130,7 @@ FileEnumerator::FileInfo FileEnumerator::GetInfo() const {
DCHECK(!(file_type_ & FileType::NAMES_ONLY));
CHECK(has_find_data_);
FileInfo ret;
- memcpy(&ret.find_data_, &find_data_, sizeof(find_data_));
+ UNSAFE_TODO(memcpy(&ret.find_data_, &find_data_, sizeof(find_data_)));
return ret;
}
diff --git a/base/files/file_util_win.cc b/base/files/file_util_win.cc
index 28a259b8a085d..6ed96740435cc 100644
--- a/base/files/file_util_win.cc
+++ b/base/files/file_util_win.cc
@@ -25,6 +25,7 @@
#include "base/check.h"
#include "base/clang_profiling_buildflags.h"
+#include "base/compiler_specific.h"
#include "base/feature_list.h"
#include "base/features.h"
#include "base/files/file_enumerator.h"
@@ -868,7 +869,7 @@ bool DevicePathToDriveLetterPath(const FilePath& nt_device_path,
device_path.IsParent(nt_device_path)) {
*out_drive_letter_path =
FilePath(drive + nt_device_path.value().substr(
- wcslen(device_path_as_string)));
+ UNSAFE_TODO(wcslen(device_path_as_string))));
return true;
}
}
@@ -948,9 +949,9 @@ bool GetFileInfo(const FilePath& file_path, File::Info* results) {
FILE* OpenFile(const FilePath& filename, const char* mode) {
// 'N' is unconditionally added below, so be sure there is not one already
// present before a comma in |mode|.
- DCHECK(
- strchr(mode, 'N') == nullptr ||
- (strchr(mode, ',') != nullptr && strchr(mode, 'N') > strchr(mode, ',')));
+ DCHECK(UNSAFE_TODO(strchr(mode, 'N')) == nullptr ||
+ (UNSAFE_TODO(strchr(mode, ',')) != nullptr &&
+ UNSAFE_TODO(strchr(mode, 'N')) > UNSAFE_TODO(strchr(mode, ','))));
ScopedBlockingCall scoped_blocking_call(FROM_HERE, BlockingType::MAY_BLOCK);
std::wstring w_mode = UTF8ToWide(mode);
AppendModeCharacter(L'N', &w_mode);
diff --git a/base/i18n/icu_util.cc b/base/i18n/icu_util.cc
index 7c2960a56ff69..df9dd86a57e1b 100644
--- a/base/i18n/icu_util.cc
+++ b/base/i18n/icu_util.cc
@@ -15,6 +15,7 @@
#include <memory>
#include <string>
+#include "base/compiler_specific.h"
#include "base/debug/alias.h"
#include "base/environment.h"
#include "base/files/file_path.h"
@@ -151,7 +152,7 @@ void LazyInitIcuDataFile() {
#if BUILDFLAG(IS_WIN)
// TODO(brucedawson): http://crbug.com/445616
wchar_t tmp_buffer[_MAX_PATH] = {};
- wcscpy_s(tmp_buffer, data_path.value().c_str());
+ UNSAFE_TODO(wcscpy_s(tmp_buffer, data_path.value().c_str()));
debug::Alias(tmp_buffer);
#endif
data_path = data_path.AppendASCII(kIcuDataFileName);
@@ -159,7 +160,7 @@ void LazyInitIcuDataFile() {
#if BUILDFLAG(IS_WIN)
// TODO(brucedawson): http://crbug.com/445616
wchar_t tmp_buffer2[_MAX_PATH] = {};
- wcscpy_s(tmp_buffer2, data_path.value().c_str());
+ UNSAFE_TODO(wcscpy_s(tmp_buffer2, data_path.value().c_str()));
debug::Alias(tmp_buffer2);
#endif
@@ -194,7 +195,7 @@ void LazyInitIcuDataFile() {
// TODO(brucedawson): http://crbug.com/445616.
g_debug_icu_pf_last_error = ::GetLastError();
g_debug_icu_pf_error_details = file.error_details();
- wcscpy_s(g_debug_icu_pf_filename, data_path.value().c_str());
+ UNSAFE_TODO(wcscpy_s(g_debug_icu_pf_filename, data_path.value().c_str()));
}
#endif // BUILDFLAG(IS_WIN)
}
@@ -287,7 +288,7 @@ bool InitializeICUFromDataFile() {
int debug_icu_pf_error_details = g_debug_icu_pf_error_details;
debug::Alias(&debug_icu_pf_error_details);
wchar_t debug_icu_pf_filename[_MAX_PATH] = {};
- wcscpy_s(debug_icu_pf_filename, g_debug_icu_pf_filename);
+ UNSAFE_TODO(wcscpy_s(debug_icu_pf_filename, g_debug_icu_pf_filename));
debug::Alias(&debug_icu_pf_filename);
#endif // BUILDFLAG(IS_WIN)
// Excluding Chrome OS from this CHECK due to b/289684640.
diff --git a/base/message_loop/message_pump_win.cc b/base/message_loop/message_pump_win.cc
index 5b9e417927870..1a263dc22f472 100644
--- a/base/message_loop/message_pump_win.cc
+++ b/base/message_loop/message_pump_win.cc
@@ -14,6 +14,7 @@
#include "base/auto_reset.h"
#include "base/check.h"
+#include "base/compiler_specific.h"
#include "base/debug/alias.h"
#include "base/debug/crash_logging.h"
#include "base/debug/dump_without_crashing.h"
@@ -721,7 +722,7 @@ bool MessagePumpForUI::ProcessPumpReplacementMessage() {
MessagePumpForIO::IOContext::IOContext() {
std::construct_at(GetOverlapped());
- std::memset(GetOverlapped(), 0, sizeof(OVERLAPPED));
+ UNSAFE_TODO(std::memset(GetOverlapped(), 0, sizeof(OVERLAPPED)));
}
MessagePumpForIO::IOContext::~IOContext() {
diff --git a/base/process/process_iterator_win.cc b/base/process/process_iterator_win.cc
index f7dda9dde0fd5..f3951fdb81e79 100644
--- a/base/process/process_iterator_win.cc
+++ b/base/process/process_iterator_win.cc
@@ -4,6 +4,7 @@
#include "base/process/process_iterator.h"
+#include "base/compiler_specific.h"
#include "base/strings/string_util.h"
namespace base {
@@ -28,13 +29,13 @@ bool ProcessIterator::CheckForNextProcess() {
}
void ProcessIterator::InitProcessEntry(ProcessEntry* entry) {
- memset(entry, 0, sizeof(*entry));
+ UNSAFE_TODO(memset(entry, 0, sizeof(*entry)));
entry->dwSize = sizeof(*entry);
}
bool NamedProcessIterator::IncludeEntry() {
// Case insensitive.
- return !_wcsicmp(executable_name_.c_str(), entry().exe_file()) &&
+ return UNSAFE_TODO(!_wcsicmp(executable_name_.c_str(), entry().exe_file())) &&
ProcessIterator::IncludeEntry();
}
diff --git a/base/sync_socket_win.cc b/base/sync_socket_win.cc
index 5602b3d1a791c..77bc8e15b1805 100644
--- a/base/sync_socket_win.cc
+++ b/base/sync_socket_win.cc
@@ -10,6 +10,7 @@
#include <utility>
#include "base/check.h"
+#include "base/compiler_specific.h"
#include "base/containers/span.h"
#include "base/logging.h"
#include "base/notimplemented.h"
@@ -54,8 +55,9 @@ bool CreatePairImpl(ScopedHandle* socket_a,
unsigned long rnd_name;
RandBytes(byte_span_from_ref(rnd_name));
- swprintf(name, kPipePathMax, kPipeNameFormat, GetCurrentProcessId(),
- GetCurrentThreadId(), rnd_name);
+ UNSAFE_TODO(swprintf(name, kPipePathMax, kPipeNameFormat,
+ GetCurrentProcessId(), GetCurrentThreadId(),
+ rnd_name));
handle_a.Set(CreateNamedPipeW(
name, flags, PIPE_TYPE_BYTE | PIPE_READMODE_BYTE, 1, kOutBufferSize,
diff --git a/base/test/file_path_reparse_point_win.cc b/base/test/file_path_reparse_point_win.cc
index db26fb1e04d71..0445db1da25fa 100644
--- a/base/test/file_path_reparse_point_win.cc
+++ b/base/test/file_path_reparse_point_win.cc
@@ -2,6 +2,11 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
+#ifdef UNSAFE_BUFFERS_BUILD
+// TODO(crbug.com/390223051): Remove C-library calls to fix the errors.
+#pragma allow_unsafe_libc_calls
+#endif
+
#include "base/test/file_path_reparse_point_win.h"
#include <windows.h>
diff --git a/base/test/test_file_util_win.cc b/base/test/test_file_util_win.cc
index e806b3e135910..2daf0693b35b6 100644
--- a/base/test/test_file_util_win.cc
+++ b/base/test/test_file_util_win.cc
@@ -15,6 +15,7 @@
#include "base/check.h"
#include "base/check_op.h"
+#include "base/compiler_specific.h"
#include "base/containers/heap_array.h"
#include "base/containers/span.h"
#include "base/files/file_path.h"
@@ -55,7 +56,7 @@ void* GetPermissionInfo(const FilePath& path, size_t* length) {
*length = sizeof(PSECURITY_DESCRIPTOR) + dacl->AclSize;
PermissionInfo* info = reinterpret_cast<PermissionInfo*>(new char[*length]);
info->security_descriptor = security_descriptor;
- memcpy(&info->dacl, dacl, dacl->AclSize);
+ UNSAFE_TODO(memcpy(&info->dacl, dacl, dacl->AclSize));
return info;
}
diff --git a/base/win/hstring_reference.cc b/base/win/hstring_reference.cc
index f98f1a27817b0..f98f5282fa364 100644
--- a/base/win/hstring_reference.cc
+++ b/base/win/hstring_reference.cc
@@ -10,6 +10,7 @@
#include <winstring.h>
#include "base/check_op.h"
+#include "base/compiler_specific.h"
#include "base/numerics/safe_conversions.h"
namespace base::win {
@@ -17,7 +18,7 @@ namespace base::win {
HStringReference::HStringReference(const wchar_t* str) {
// String must be null terminated for WindowsCreateStringReference.
// nullptr str is OK so long as the length is 0.
- size_t length = str ? wcslen(str) : 0;
+ size_t length = str ? UNSAFE_TODO(wcslen(str)) : 0;
const HRESULT hr = ::WindowsCreateStringReference(
str, checked_cast<UINT32>(length), &hstring_header_, &hstring_);
DCHECK_EQ(hr, S_OK);
diff --git a/base/win/patch_util.cc b/base/win/patch_util.cc
index bb5066095cbfc..e59f7538c85a7 100644
--- a/base/win/patch_util.cc
+++ b/base/win/patch_util.cc
@@ -4,6 +4,7 @@
#include "base/win/patch_util.h"
+#include "base/compiler_specific.h"
#include "base/notreached.h"
namespace base {
@@ -33,7 +34,7 @@ DWORD ModifyCode(void* destination, const void* source, size_t length) {
is_executable ? PAGE_EXECUTE_READWRITE : PAGE_READWRITE,
&old_page_protection)) {
// Write the data.
- CopyMemory(destination, source, length);
+ UNSAFE_TODO(CopyMemory(destination, source, length));
// Restore the old page protection.
error = ERROR_SUCCESS;
diff --git a/base/win/security_descriptor.cc b/base/win/security_descriptor.cc
index 66cd37ec8d05e..1febc7c103c70 100644
--- a/base/win/security_descriptor.cc
+++ b/base/win/security_descriptor.cc
@@ -14,6 +14,7 @@
#include <utility>
#include <vector>
+#include "base/compiler_specific.h"
#include "base/files/file_path.h"
#include "base/logging.h"
#include "base/notreached.h"
@@ -315,7 +316,7 @@ std::optional<std::wstring> SecurityDescriptor::ToSddl(
}
void SecurityDescriptor::ToAbsolute(SECURITY_DESCRIPTOR& sd) {
- memset(&sd, 0, sizeof(sd));
+ UNSAFE_TODO(memset(&sd, 0, sizeof(sd)));
sd.Revision = SECURITY_DESCRIPTOR_REVISION;
sd.Owner = owner_ ? owner_->GetPSID() : nullptr;
sd.Group = group_ ? group_->GetPSID() : nullptr;
diff --git a/base/win/winrt_storage_util.cc b/base/win/winrt_storage_util.cc
index 26f1fcc23d9a2..f95f801d2e698 100644
--- a/base/win/winrt_storage_util.cc
+++ b/base/win/winrt_storage_util.cc
@@ -10,6 +10,7 @@
#include <utility>
+#include "base/compiler_specific.h"
#include "base/strings/string_util.h"
#include "base/win/core_winrt_util.h"
#include "base/win/scoped_hstring.h"
@@ -69,7 +70,7 @@ HRESULT CreateIBufferFromData(const uint8_t* data,
return hr;
}
- memcpy(p_buffer_data, data, length);
+ UNSAFE_TODO(memcpy(p_buffer_data, data, length));
*buffer = std::move(internal_buffer);
diff --git a/chrome/browser/media/router/discovery/test_support/win/fake_ip_adapter_addresses.cc b/chrome/browser/media/router/discovery/test_support/win/fake_ip_adapter_addresses.cc
index 4dbb2263d5ecd..8938d874524a9 100644
--- a/chrome/browser/media/router/discovery/test_support/win/fake_ip_adapter_addresses.cc
+++ b/chrome/browser/media/router/discovery/test_support/win/fake_ip_adapter_addresses.cc
@@ -5,6 +5,7 @@
#include "chrome/browser/media/router/discovery/test_support/win/fake_ip_adapter_addresses.h"
#include "base/check_op.h"
+#include "base/compiler_specific.h"
namespace media_router {
@@ -25,8 +26,8 @@ FakeIpAdapterAddresses::FakeIpAdapterAddresses(
static_cast<size_t>(MAX_ADAPTER_ADDRESS_LENGTH));
value_.PhysicalAddressLength = physical_address.size();
- memcpy(value_.PhysicalAddress, physical_address.data(),
- physical_address.size());
+ UNSAFE_TODO(memcpy(value_.PhysicalAddress, physical_address.data(),
+ physical_address.size()));
}
FakeIpAdapterAddresses::FakeIpAdapterAddresses(
diff --git a/chrome/browser/os_crypt/app_bound_encryption_win.cc b/chrome/browser/os_crypt/app_bound_encryption_win.cc
index f8d12eb2e64c3..9f062d48296aa 100644
--- a/chrome/browser/os_crypt/app_bound_encryption_win.cc
+++ b/chrome/browser/os_crypt/app_bound_encryption_win.cc
@@ -12,6 +12,7 @@
#include <wrl/client.h>
#include "base/check_op.h"
+#include "base/compiler_specific.h"
#include "base/feature_list.h"
#include "base/files/file_path.h"
#include "base/logging.h"
@@ -166,8 +167,8 @@ HRESULT EncryptAppBoundString(ProtectionLevel protection_level,
return hr;
base::win::ScopedBstr plaintext_data;
- ::memcpy(plaintext_data.AllocateBytes(plaintext.length()), plaintext.data(),
- plaintext.length());
+ UNSAFE_TODO(::memcpy(plaintext_data.AllocateBytes(plaintext.length()),
+ plaintext.data(), plaintext.length()));
base::win::ScopedBstr encrypted_data;
if (flags) {
@@ -211,8 +212,8 @@ HRESULT DecryptAppBoundString(const std::string& ciphertext,
return hr;
base::win::ScopedBstr ciphertext_data;
- ::memcpy(ciphertext_data.AllocateBytes(ciphertext.length()),
- ciphertext.data(), ciphertext.length());
+ UNSAFE_TODO(::memcpy(ciphertext_data.AllocateBytes(ciphertext.length()),
+ ciphertext.data(), ciphertext.length()));
base::win::ScopedBstr plaintext_data;
hr = elevator->DecryptData(ciphertext_data.Get(), plaintext_data.Receive(),
diff --git a/chrome/chrome_elf/chrome_elf_main.cc b/chrome/chrome_elf/chrome_elf_main.cc
index 71e7fb7da093b..5d82ed31fb794 100644
--- a/chrome/chrome_elf/chrome_elf_main.cc
+++ b/chrome/chrome_elf/chrome_elf_main.cc
@@ -2,6 +2,11 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
+#ifdef UNSAFE_BUFFERS_BUILD
+// TODO(crbug.com/390223051): Remove C-library calls to fix the errors.
+#pragma allow_unsafe_libc_calls
+#endif
+
#include "chrome/chrome_elf/chrome_elf_main.h"
#include <windows.h>
diff --git a/chrome/common/win/delay_load_failure_hook.cc b/chrome/common/win/delay_load_failure_hook.cc
index af51aa52e5713..d1c1103df560c 100644
--- a/chrome/common/win/delay_load_failure_hook.cc
+++ b/chrome/common/win/delay_load_failure_hook.cc
@@ -8,6 +8,7 @@
#include <delayimp.h>
#include "base/check.h"
+#include "base/compiler_specific.h"
#include "base/debug/alias.h"
#include "base/strings/string_util.h"
#include "chrome/common/win/delay_load_failure_support.h"
@@ -21,7 +22,7 @@ namespace {
// this won't generate a crash report.
FARPROC WINAPI DelayLoadFailureHook(unsigned reason, DelayLoadInfo* dll_info) {
char dll_name[MAX_PATH];
- base::strlcpy(dll_name, dll_info->szDll, std::size(dll_name));
+ UNSAFE_TODO(base::strlcpy(dll_name, dll_info->szDll, std::size(dll_name)));
// It's not an error if "bthprops.cpl" fails to be loaded, there's a custom
// exception handler in 'device/bluetooth/bluetooth_init_win.cc" that will
// intercept the exception triggered by the delay load runtime. Returning 0
diff --git a/chrome/credential_provider/gaiacp/os_gaia_user_manager.cc b/chrome/credential_provider/gaiacp/os_gaia_user_manager.cc
index 6991510dcdd21..cfdeb896ada5b 100644
--- a/chrome/credential_provider/gaiacp/os_gaia_user_manager.cc
+++ b/chrome/credential_provider/gaiacp/os_gaia_user_manager.cc
@@ -11,6 +11,7 @@
#include <ntstatus.h>
#include <sddl.h>
+#include "base/compiler_specific.h"
#include "base/win/ntsecapi_shim.h"
#include "chrome/credential_provider/common/gcp_strings.h"
#include "chrome/credential_provider/gaiacp/gaia_resources.h"
@@ -52,7 +53,7 @@ HRESULT GetCurrentGaiaSid(const int& size, wchar_t* current_sid) {
return hr;
}
- errno_t err = wcscpy_s(current_sid, size, sid.c_str());
+ errno_t err = UNSAFE_TODO(wcscpy_s(current_sid, size, sid.c_str()));
return err == 0 ? S_OK : E_FAIL;
}
@@ -106,7 +107,7 @@ HRESULT IsGaiaUserSidDifferent(bool* is_sid_different) {
return hr;
}
- if (wcscmp(stored_sid, current_sid) != 0) {
+ if (UNSAFE_TODO(wcscmp(stored_sid, current_sid)) != 0) {
*is_sid_different = true;
}
return hr;
diff --git a/chrome/credential_provider/gaiacp/scoped_lsa_policy.cc b/chrome/credential_provider/gaiacp/scoped_lsa_policy.cc
index 68db9194d2cd4..61794dfc46f4b 100644
--- a/chrome/credential_provider/gaiacp/scoped_lsa_policy.cc
+++ b/chrome/credential_provider/gaiacp/scoped_lsa_policy.cc
@@ -9,6 +9,7 @@
#include <lm.h>
#include <ntstatus.h>
+#include "base/compiler_specific.h"
#include "base/win/ntsecapi_shim.h"
#include "chrome/credential_provider/gaiacp/gcp_utils.h"
#include "chrome/credential_provider/gaiacp/logging.h"
@@ -37,7 +38,7 @@ std::unique_ptr<ScopedLsaPolicy> ScopedLsaPolicy::Create(ACCESS_MASK mask) {
ScopedLsaPolicy::ScopedLsaPolicy(ACCESS_MASK mask) {
LSA_OBJECT_ATTRIBUTES oa;
- memset(&oa, 0, sizeof(oa));
+ UNSAFE_TODO(memset(&oa, 0, sizeof(oa)));
NTSTATUS sts = ::LsaOpenPolicy(nullptr, &oa, mask, &handle_);
if (sts != STATUS_SUCCESS) {
HRESULT hr = HRESULT_FROM_NT(sts);
@@ -100,7 +101,7 @@ HRESULT ScopedLsaPolicy::RetrievePrivateData(const wchar_t* key,
if (sts != STATUS_SUCCESS)
return HRESULT_FROM_NT(sts);
- errno_t err = wcscpy_s(value, length, lsa_value->Buffer);
+ errno_t err = UNSAFE_TODO(wcscpy_s(value, length, lsa_value->Buffer));
SecurelyClearBuffer(lsa_value->Buffer, lsa_value->Length);
::LsaFreeMemory(lsa_value);
@@ -189,8 +190,8 @@ HRESULT ScopedLsaPolicy::RemoveAccount(PSID sid) {
void ScopedLsaPolicy::InitLsaString(const wchar_t* string,
_UNICODE_STRING* lsa_string) {
lsa_string->Buffer = const_cast<wchar_t*>(string);
- lsa_string->Length =
- static_cast<USHORT>(wcslen(lsa_string->Buffer) * sizeof(wchar_t));
+ lsa_string->Length = static_cast<USHORT>(
+ UNSAFE_TODO(wcslen(lsa_string->Buffer)) * sizeof(wchar_t));
lsa_string->MaximumLength = lsa_string->Length + sizeof(wchar_t);
}
diff --git a/chrome/credential_provider/setup/setup.cc b/chrome/credential_provider/setup/setup.cc
index d9bef4f96e7f2..d8d63e01d552a 100644
--- a/chrome/credential_provider/setup/setup.cc
+++ b/chrome/credential_provider/setup/setup.cc
@@ -6,6 +6,7 @@
// that the app can be made entireless silent, as required by omaha.
#include <Windows.h>
+
#include <shlobj.h> // Needed for IsUserAnAdmin()
#include <stdlib.h>
@@ -14,6 +15,7 @@
#include "base/at_exit.h"
#include "base/command_line.h"
+#include "base/compiler_specific.h"
#include "base/files/file_path.h"
#include "base/files/file_util.h"
#include "base/logging.h"
@@ -146,7 +148,7 @@ int APIENTRY wWinMain(HINSTANCE hInstance,
time_string, std::size(time_string)) == 0) {
HRESULT last_error_hr = HRESULT_FROM_WIN32(::GetLastError());
LOGFN(ERROR) << "GetTimeFormatEx(start) hr=" << putHR(last_error_hr);
- wcscpy_s(time_string, std::size(time_string), L"Unknown");
+ UNSAFE_TODO(wcscpy_s(time_string, std::size(time_string), L"Unknown"));
}
LOGFN(INFO) << "Start: " << time_string;
@@ -216,7 +218,7 @@ int APIENTRY wWinMain(HINSTANCE hInstance,
time_string, std::size(time_string)) == 0) {
HRESULT last_error_hr = HRESULT_FROM_WIN32(::GetLastError());
LOGFN(ERROR) << "GetTimeFormatEx(end) hr=" << putHR(last_error_hr);
- wcscpy_s(time_string, std::size(time_string), L"Unknown");
+ UNSAFE_TODO(wcscpy_s(time_string, std::size(time_string), L"Unknown"));
}
LOGFN(INFO) << (SUCCEEDED(hr) ? "Setup completed successfully"
diff --git a/chrome/elevation_service/elevator.cc b/chrome/elevation_service/elevator.cc
index d18940c9020b2..f2346fa970445 100644
--- a/chrome/elevation_service/elevator.cc
+++ b/chrome/elevation_service/elevator.cc
@@ -12,6 +12,7 @@
#include <vector>
#include "base/command_line.h"
+#include "base/compiler_specific.h"
#include "base/files/file_path.h"
#include "base/logging.h"
#include "base/numerics/safe_conversions.h"
@@ -253,7 +254,7 @@ std::string Elevator::PopFromStringFront(std::string& str) {
return std::string();
auto it = str.begin();
// Obtain the size.
- memcpy(&size, str.c_str(), sizeof(size));
+ UNSAFE_TODO(memcpy(&size, str.c_str(), sizeof(size)));
// Skip over the size field.
std::string value;
if (size) {
diff --git a/chrome/elevation_service/service_main_unittest.cc b/chrome/elevation_service/service_main_unittest.cc
index c775d8d296c23..c3d1134c93e73 100644
--- a/chrome/elevation_service/service_main_unittest.cc
+++ b/chrome/elevation_service/service_main_unittest.cc
@@ -7,6 +7,7 @@
#include <string>
#include <utility>
+#include "base/compiler_specific.h"
#include "base/containers/heap_array.h"
#include "base/files/file_path.h"
#include "base/path_service.h"
@@ -105,7 +106,7 @@ TEST_F(ServiceMainTest, EncryptDecryptTest) {
BSTR input = ::SysAllocStringByteLen(nullptr, plaintext.length());
ASSERT_TRUE(input);
- memcpy(input, plaintext.data(), plaintext.length());
+ UNSAFE_TODO(memcpy(input, plaintext.data(), plaintext.length()));
base::win::ScopedBstr output;
DWORD last_error;
HRESULT hr =
@@ -120,7 +121,7 @@ TEST_F(ServiceMainTest, EncryptDecryptTest) {
output.ByteLength());
BSTR input2 = ::SysAllocStringByteLen(nullptr, encrypted.length());
- memcpy(input2, encrypted.data(), encrypted.length());
+ UNSAFE_TODO(memcpy(input2, encrypted.data(), encrypted.length()));
base::win::ScopedBstr original;
hr = elevator->DecryptData(input2, original.Receive(), &last_error);
diff --git a/chrome/install_static/install_details.cc b/chrome/install_static/install_details.cc
index 3348440bc1ee5..f99a867705fca 100644
--- a/chrome/install_static/install_details.cc
+++ b/chrome/install_static/install_details.cc
@@ -9,6 +9,7 @@
#include <type_traits>
+#include "base/compiler_specific.h"
#include "base/version_info/version_info_values.h"
#include "chrome/chrome_elf/nt_registry/nt_registry.h"
#include "chrome/install_static/install_modes.h"
@@ -37,7 +38,8 @@ std::wstring InstallDetails::GetClientStateMediumKeyPath() const {
bool InstallDetails::VersionMismatch() const {
// Check the product version and the size of the mode structure.
return payload_->size != sizeof(Payload) ||
- strcmp(payload_->product_version, &kProductVersion[0]) != 0 ||
+ UNSAFE_TODO(strcmp(payload_->product_version, &kProductVersion[0])) !=
+ 0 ||
payload_->mode->size != sizeof(InstallConstants);
}
diff --git a/chrome/installer/setup/installer_state_unittest.cc b/chrome/installer/setup/installer_state_unittest.cc
index 56873f71dedbc..1c1262179208c 100644
--- a/chrome/installer/setup/installer_state_unittest.cc
+++ b/chrome/installer/setup/installer_state_unittest.cc
@@ -13,6 +13,7 @@
#include "base/base_paths.h"
#include "base/command_line.h"
+#include "base/compiler_specific.h"
#include "base/files/file_path.h"
#include "base/files/file_util.h"
#include "base/files/scoped_temp_dir.h"
@@ -178,8 +179,9 @@ TEST_F(InstallerStateTest, InitializeTwice) {
EXPECT_EQ(InstallerState::USER_LEVEL, installer_state.level());
EXPECT_EQ(InstallerState::SINGLE_INSTALL_OR_UPDATE,
installer_state.operation());
- EXPECT_TRUE(wcsstr(installer_state.target_path().value().c_str(),
- install_static::GetChromeInstallSubDirectory().c_str()));
+ EXPECT_TRUE(UNSAFE_TODO(
+ wcsstr(installer_state.target_path().value().c_str(),
+ install_static::GetChromeInstallSubDirectory().c_str())));
EXPECT_FALSE(installer_state.verbose_logging());
EXPECT_EQ(installer_state.state_key(),
install_static::GetClientStateKeyPath());
@@ -196,8 +198,9 @@ TEST_F(InstallerStateTest, InitializeTwice) {
EXPECT_EQ(InstallerState::SYSTEM_LEVEL, installer_state.level());
EXPECT_EQ(InstallerState::SINGLE_INSTALL_OR_UPDATE,
installer_state.operation());
- EXPECT_TRUE(wcsstr(installer_state.target_path().value().c_str(),
- install_static::GetChromeInstallSubDirectory().c_str()));
+ EXPECT_TRUE(UNSAFE_TODO(
+ wcsstr(installer_state.target_path().value().c_str(),
+ install_static::GetChromeInstallSubDirectory().c_str())));
EXPECT_TRUE(installer_state.verbose_logging());
EXPECT_EQ(installer_state.state_key(),
install_static::GetClientStateKeyPath());
diff --git a/chrome/installer/setup/setup_util_unittest.cc b/chrome/installer/setup/setup_util_unittest.cc
index 6beae4df82997..0949d9f867015 100644
--- a/chrome/installer/setup/setup_util_unittest.cc
+++ b/chrome/installer/setup/setup_util_unittest.cc
@@ -16,6 +16,7 @@
#include "base/base64.h"
#include "base/command_line.h"
+#include "base/compiler_specific.h"
#include "base/containers/contains.h"
#include "base/files/file_util.h"
#include "base/files/scoped_temp_dir.h"
@@ -582,7 +583,8 @@ TEST(SetupUtilTest, StoreDMTokenToRegistrySuccess) {
key.ReadValue(name.c_str(), raw_value.data(), &size, &dtype));
EXPECT_EQ(REG_BINARY, dtype);
ASSERT_EQ(kExpectedSize, size);
- EXPECT_EQ(0, memcmp(token.data(), raw_value.data(), kExpectedSize));
+ EXPECT_EQ(0,
+ UNSAFE_TODO(memcmp(token.data(), raw_value.data(), kExpectedSize)));
std::tie(key, name) = InstallUtil::GetCloudManagementDmTokenLocation(
InstallUtil::ReadOnly(true), InstallUtil::BrowserLocation(true));
@@ -593,7 +595,8 @@ TEST(SetupUtilTest, StoreDMTokenToRegistrySuccess) {
key.ReadValue(name.c_str(), raw_value.data(), &size, &dtype));
EXPECT_EQ(REG_BINARY, dtype);
ASSERT_EQ(kExpectedSize, size);
- EXPECT_EQ(0, memcmp(token.data(), raw_value.data(), kExpectedSize));
+ EXPECT_EQ(0,
+ UNSAFE_TODO(memcmp(token.data(), raw_value.data(), kExpectedSize)));
}
TEST(SetupUtilTest, StoreDMTokenToRegistryShouldFailWhenDMTokenTooLarge) {
diff --git a/chrome/installer/util/install_service_work_item_unittest.cc b/chrome/installer/util/install_service_work_item_unittest.cc
index 71f199dd4b452..4a61e6dbea995 100644
--- a/chrome/installer/util/install_service_work_item_unittest.cc
+++ b/chrome/installer/util/install_service_work_item_unittest.cc
@@ -2,6 +2,11 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
+#ifdef UNSAFE_BUFFERS_BUILD
+// TODO(crbug.com/390223051): Remove C-library calls to fix the errors.
+#pragma allow_unsafe_libc_calls
+#endif
+
#include "chrome/installer/util/install_service_work_item.h"
#include <shlobj.h>
diff --git a/chrome/test/chromedriver/keycode_text_conversion_win.cc b/chrome/test/chromedriver/keycode_text_conversion_win.cc
index 72e9549f79c46..df4910cec6b95 100644
--- a/chrome/test/chromedriver/keycode_text_conversion_win.cc
+++ b/chrome/test/chromedriver/keycode_text_conversion_win.cc
@@ -21,8 +21,7 @@ bool ConvertKeyCodeToText(
ui::KeyboardCode key_code, int modifiers, std::string* text,
std::string* error_msg) {
UINT scan_code = ::MapVirtualKeyW(key_code, MAPVK_VK_TO_VSC);
- BYTE keyboard_state[256];
- memset(keyboard_state, 0, 256);
+ BYTE keyboard_state[256] = {};
*error_msg = std::string();
if (modifiers & kShiftKeyModifierMask)
keyboard_state[VK_SHIFT] |= 0x80;
diff --git a/chrome/updater/util/win_util.cc b/chrome/updater/util/win_util.cc
index 43938812e056c..702573532a8ea 100644
--- a/chrome/updater/util/win_util.cc
+++ b/chrome/updater/util/win_util.cc
@@ -108,8 +108,8 @@ HRESULT GetSidIntegrityLevel(PSID sid, MANDATORY_LEVEL* level) {
}
constexpr SID_IDENTIFIER_AUTHORITY kMandatoryLabelAuth =
SECURITY_MANDATORY_LABEL_AUTHORITY;
- if (std::memcmp(authority, &kMandatoryLabelAuth,
- sizeof(SID_IDENTIFIER_AUTHORITY))) {
+ if (UNSAFE_TODO(std::memcmp(authority, &kMandatoryLabelAuth,
+ sizeof(SID_IDENTIFIER_AUTHORITY)))) {
return E_FAIL;
}
PUCHAR count = ::GetSidSubAuthorityCount(sid);
diff --git a/components/crash/core/app/fallback_crash_handler_win_unittest.cc b/components/crash/core/app/fallback_crash_handler_win_unittest.cc
index 03bbbe77ceac2..e7d50eb8f3ded 100644
--- a/components/crash/core/app/fallback_crash_handler_win_unittest.cc
+++ b/components/crash/core/app/fallback_crash_handler_win_unittest.cc
@@ -12,6 +12,7 @@
#include "base/base_switches.h"
#include "base/check_op.h"
#include "base/command_line.h"
+#include "base/compiler_specific.h"
#include "base/files/file_path.h"
#include "base/files/scoped_temp_dir.h"
#include "base/process/process_handle.h"
@@ -37,7 +38,7 @@ class ExceptionPointers {
public:
ExceptionPointers() {
RtlCaptureContext(&context_);
- memset(&exception_, 0, sizeof(exception_));
+ UNSAFE_TODO(memset(&exception_, 0, sizeof(exception_)));
exception_.ExceptionCode = EXCEPTION_ACCESS_VIOLATION;
exception_ptrs_.ExceptionRecord = &exception_;
diff --git a/components/named_mojo_ipc_server/named_mojo_server_endpoint_connector_win.cc b/components/named_mojo_ipc_server/named_mojo_server_endpoint_connector_win.cc
index 6bef2f72a1f06..54cdb103d404a 100644
--- a/components/named_mojo_ipc_server/named_mojo_server_endpoint_connector_win.cc
+++ b/components/named_mojo_ipc_server/named_mojo_server_endpoint_connector_win.cc
@@ -12,6 +12,7 @@
#include <utility>
#include "base/check.h"
+#include "base/compiler_specific.h"
#include "base/functional/bind.h"
#include "base/logging.h"
#include "base/memory/scoped_refptr.h"
@@ -116,7 +117,7 @@ void NamedMojoServerEndpointConnectorWin::Connect() {
// The |lpOverlapped| argument of ConnectNamedPipe() has the annotation of
// [in, out, optional], so we reset the content before passing it in, just to
// be safe.
- memset(&connect_overlapped_, 0, sizeof(connect_overlapped_));
+ UNSAFE_TODO(memset(&connect_overlapped_, 0, sizeof(connect_overlapped_)));
connect_overlapped_.hEvent = client_connected_event_.handle();
BOOL ok =
ConnectNamedPipe(pending_named_pipe_handle_.Get(), &connect_overlapped_);
diff --git a/components/winhttp/scoped_winttp_proxy_info.h b/components/winhttp/scoped_winttp_proxy_info.h
index b3803b57e7008..10488aa5bc024 100644
--- a/components/winhttp/scoped_winttp_proxy_info.h
+++ b/components/winhttp/scoped_winttp_proxy_info.h
@@ -11,6 +11,7 @@
#include <string>
+#include "base/compiler_specific.h"
#include "base/logging.h"
namespace winhttp {
@@ -94,7 +95,7 @@ class ScopedWinHttpProxyInfo {
return nullptr;
}
- memcpy(string_mem, str.data(), size_in_bytes);
+ UNSAFE_TODO(memcpy(string_mem, str.data(), size_in_bytes));
return string_mem;
}
WINHTTP_PROXY_INFO proxy_info_ = {};
diff --git a/device/base/device_info_query_win.cc b/device/base/device_info_query_win.cc
index f99c605c8f9c5..be0fe06c9856b 100644
--- a/device/base/device_info_query_win.cc
+++ b/device/base/device_info_query_win.cc
@@ -7,6 +7,7 @@
#include <stddef.h>
#include <string.h>
+#include "base/compiler_specific.h"
#include "base/strings/string_util.h"
#include "base/strings/utf_string_conversions.h"
@@ -14,7 +15,7 @@ namespace device {
DeviceInfoQueryWin::DeviceInfoQueryWin()
: device_info_list_(SetupDiCreateDeviceInfoList(nullptr, nullptr)) {
- memset(&device_info_data_, 0, sizeof(device_info_data_));
+ UNSAFE_TODO(memset(&device_info_data_, 0, sizeof(device_info_data_)));
}
DeviceInfoQueryWin::~DeviceInfoQueryWin() {
diff --git a/device/base/device_monitor_win.cc b/device/base/device_monitor_win.cc
index 14a1c791c2bef..9b002ded0fe4d 100644
--- a/device/base/device_monitor_win.cc
+++ b/device/base/device_monitor_win.cc
@@ -13,6 +13,7 @@
#include <memory>
#include "base/at_exit.h"
+#include "base/compiler_specific.h"
#include "base/functional/bind.h"
#include "base/functional/callback_helpers.h"
#include "base/logging.h"
@@ -33,7 +34,7 @@ DeviceMonitorMessageWindow* g_message_window;
// STL map.
struct CompareGUID {
bool operator()(const GUID& a, const GUID& b) const {
- return memcmp(&a, &b, sizeof a) < 0;
+ return UNSAFE_TODO(memcmp(&a, &b, sizeof a)) < 0;
}
};
} // namespace
diff --git a/device/bluetooth/bluetooth_socket_win.cc b/device/bluetooth/bluetooth_socket_win.cc
index 9820de0741da7..f93280eec374c 100644
--- a/device/bluetooth/bluetooth_socket_win.cc
+++ b/device/bluetooth/bluetooth_socket_win.cc
@@ -10,6 +10,7 @@
#include <string>
#include <utility>
+#include "base/compiler_specific.h"
#include "base/functional/bind.h"
#include "base/functional/callback_helpers.h"
#include "base/logging.h"
@@ -63,10 +64,12 @@ namespace device {
struct BluetoothSocketWin::ServiceRegData {
ServiceRegData() {
- ZeroMemory(&address, sizeof(address));
- ZeroMemory(&address_info, sizeof(address_info));
- ZeroMemory(&uuid, sizeof(uuid));
- ZeroMemory(&service, sizeof(service));
+ UNSAFE_TODO({
+ ZeroMemory(&address, sizeof(address));
+ ZeroMemory(&address_info, sizeof(address_info));
+ ZeroMemory(&uuid, sizeof(uuid));
+ ZeroMemory(&service, sizeof(service));
+ });
}
SOCKADDR_BTH address;
@@ -193,7 +196,7 @@ void BluetoothSocketWin::DoConnect(base::OnceClosure success_callback,
net::EnsureWinsockInit();
SOCKET socket_fd = socket(AF_BTH, SOCK_STREAM, BTHPROTO_RFCOMM);
SOCKADDR_BTH sa;
- ZeroMemory(&sa, sizeof(sa));
+ UNSAFE_TODO(ZeroMemory(&sa, sizeof(sa)));
sa.addressFamily = AF_BTH;
sa.port = rfcomm_channel_;
sa.btAddr = bth_addr_;
@@ -262,7 +265,7 @@ void BluetoothSocketWin::DoListen(const BluetoothUUID& uuid,
SOCKADDR_BTH sa;
struct sockaddr* sock_addr = reinterpret_cast<struct sockaddr*>(&sa);
int sock_addr_len = sizeof(sa);
- ZeroMemory(&sa, sock_addr_len);
+ UNSAFE_TODO(ZeroMemory(&sa, sock_addr_len));
sa.addressFamily = AF_BTH;
sa.port = rfcomm_channel ? rfcomm_channel : BT_PORT_ANY;
if (bind(socket_fd, sock_addr, sock_addr_len) < 0) {
diff --git a/media/cdm/win/media_foundation_cdm_util.cc b/media/cdm/win/media_foundation_cdm_util.cc
index 8d7e7a4d0ace7..c4867744c4ecd 100644
--- a/media/cdm/win/media_foundation_cdm_util.cc
+++ b/media/cdm/win/media_foundation_cdm_util.cc
@@ -4,11 +4,13 @@
#include "media/cdm/win/media_foundation_cdm_util.h"
-#include <combaseapi.h>
#include <initguid.h> // Needed for DEFINE_PROPERTYKEY to work properly.
+
+#include <combaseapi.h>
#include <mferror.h>
#include <propkeydef.h> // Needed for DEFINE_PROPERTYKEY.
+#include "base/compiler_specific.h"
#include "base/files/file_util.h"
#include "base/strings/utf_string_conversions.h"
#include "base/win/propvarutil.h"
@@ -142,8 +144,8 @@ HRESULT BuildCdmProperties(
client_token_propvar->caub.cElems = client_token->size();
client_token_propvar->caub.pElems = reinterpret_cast<unsigned char*>(
CoTaskMemAlloc(client_token->size() * sizeof(char)));
- memcpy(client_token_propvar->caub.pElems, client_token->data(),
- client_token->size());
+ UNSAFE_TODO(memcpy(client_token_propvar->caub.pElems, client_token->data(),
+ client_token->size()));
RETURN_IF_FAILED(temp_properties->SetValue(
EME_CONTENTDECRYPTIONMODULE_CLIENT_TOKEN, client_token_var.get()));
diff --git a/media/gpu/windows/d3d12_video_processor_wrapper.cc b/media/gpu/windows/d3d12_video_processor_wrapper.cc
index d810de23452b8..bf97010278f4b 100644
--- a/media/gpu/windows/d3d12_video_processor_wrapper.cc
+++ b/media/gpu/windows/d3d12_video_processor_wrapper.cc
@@ -4,6 +4,7 @@
#include "media/gpu/windows/d3d12_video_processor_wrapper.h"
+#include "base/compiler_specific.h"
#include "base/logging.h"
#include "base/memory/ptr_util.h"
#include "media/gpu/windows/d3d12_helpers.h"
@@ -95,10 +96,11 @@ bool D3D12VideoProcessorWrapper::ProcessFrames(
};
HRESULT hr;
- if (memcmp(&input_stream_desc, &input_stream_desc_,
- sizeof(D3D12_VIDEO_PROCESS_INPUT_STREAM_DESC)) != 0 ||
- memcmp(&output_stream_desc, &output_stream_desc_,
- sizeof(D3D12_VIDEO_PROCESS_OUTPUT_STREAM_DESC)) != 0) {
+ if (UNSAFE_TODO(memcmp(&input_stream_desc, &input_stream_desc_,
+ sizeof(D3D12_VIDEO_PROCESS_INPUT_STREAM_DESC))) != 0 ||
+ UNSAFE_TODO(memcmp(&output_stream_desc, &output_stream_desc_,
+ sizeof(D3D12_VIDEO_PROCESS_OUTPUT_STREAM_DESC))) !=
+ 0) {
D3D12_FEATURE_DATA_VIDEO_PROCESS_SUPPORT support{
.InputSample = {.Width = static_cast<UINT>(input_texture_desc.Width),
.Height = input_texture_desc.Height,
diff --git a/mojo/core/test/test_utils_win.cc b/mojo/core/test/test_utils_win.cc
index 424aca9f3ce36..1ae83e8bf227b 100644
--- a/mojo/core/test/test_utils_win.cc
+++ b/mojo/core/test/test_utils_win.cc
@@ -2,6 +2,11 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
+#ifdef UNSAFE_BUFFERS_BUILD
+// TODO(crbug.com/390223051): Remove C-library calls to fix the errors.
+#pragma allow_unsafe_libc_calls
+#endif
+
#include "mojo/core/test/test_utils.h"
#include <windows.h>
diff --git a/mojo/public/cpp/platform/platform_channel_server_win.cc b/mojo/public/cpp/platform/platform_channel_server_win.cc
index 08b31902f1fb9..b2cb19349cb3f 100644
--- a/mojo/public/cpp/platform/platform_channel_server_win.cc
+++ b/mojo/public/cpp/platform/platform_channel_server_win.cc
@@ -11,6 +11,7 @@
#include <utility>
#include "base/check.h"
+#include "base/compiler_specific.h"
#include "base/memory/weak_ptr.h"
#include "base/task/current_thread.h"
#include "base/task/sequenced_task_runner.h"
@@ -27,7 +28,7 @@ class ListenerImpl : public PlatformChannelServer::Listener,
public base::win::ObjectWatcher::Delegate {
public:
ListenerImpl() {
- memset(&connect_overlapped_, 0, sizeof(connect_overlapped_));
+ UNSAFE_TODO(memset(&connect_overlapped_, 0, sizeof(connect_overlapped_)));
}
~ListenerImpl() override {
diff --git a/net/base/network_change_notifier_win.cc b/net/base/network_change_notifier_win.cc
index 318751974598e..22750a86fb754 100644
--- a/net/base/network_change_notifier_win.cc
+++ b/net/base/network_change_notifier_win.cc
@@ -10,6 +10,7 @@
#include <utility>
+#include "base/compiler_specific.h"
#include "base/feature_list.h"
#include "base/functional/bind.h"
#include "base/location.h"
@@ -45,7 +46,7 @@ NetworkChangeNotifierWin::NetworkChangeNotifierWin()
CONNECTION_NONE),
sequence_runner_for_registration_(
base::SequencedTaskRunner::GetCurrentDefault()) {
- memset(&addr_overlapped_, 0, sizeof addr_overlapped_);
+ UNSAFE_TODO(memset(&addr_overlapped_, 0, sizeof addr_overlapped_));
addr_overlapped_.hEvent = WSACreateEvent();
cost_change_notifier_ = NetworkCostChangeNotifierWin::CreateInstance(
diff --git a/net/dns/dns_config_service_win.cc b/net/dns/dns_config_service_win.cc
index e4536b33a3528..dbe99d692ae78 100644
--- a/net/dns/dns_config_service_win.cc
+++ b/net/dns/dns_config_service_win.cc
@@ -98,7 +98,7 @@ ReadAdapterUnicastAddresses() {
for (unsigned tries = 0; (tries < 3) && (rv == ERROR_BUFFER_OVERFLOW);
tries++) {
out.reset(static_cast<PIP_ADAPTER_ADDRESSES>(malloc(len)));
- memset(out.get(), 0, len);
+ UNSAFE_TODO(memset(out.get(), 0, len));
rv = GetAdaptersAddresses(AF_UNSPEC,
GAA_FLAG_SKIP_ANYCAST | GAA_FLAG_SKIP_DNS_SERVER |
GAA_FLAG_SKIP_MULTICAST |
diff --git a/net/dns/public/win_dns_system_settings.cc b/net/dns/public/win_dns_system_settings.cc
index 0eb0a327827be..05a31b9e73748 100644
--- a/net/dns/public/win_dns_system_settings.cc
+++ b/net/dns/public/win_dns_system_settings.cc
@@ -140,7 +140,7 @@ ReadAdapterDnsAddresses() {
for (unsigned tries = 0; (tries < 3) && (rv == ERROR_BUFFER_OVERFLOW);
tries++) {
out.reset(static_cast<PIP_ADAPTER_ADDRESSES>(malloc(len)));
- memset(out.get(), 0, len);
+ UNSAFE_TODO(memset(out.get(), 0, len));
rv = GetAdaptersAddresses(AF_UNSPEC,
GAA_FLAG_SKIP_ANYCAST | GAA_FLAG_SKIP_UNICAST |
GAA_FLAG_SKIP_MULTICAST |
diff --git a/remoting/host/desktop_display_info_loader_win.cc b/remoting/host/desktop_display_info_loader_win.cc
index 96afe4c9682e8..c5604c5399533 100644
--- a/remoting/host/desktop_display_info_loader_win.cc
+++ b/remoting/host/desktop_display_info_loader_win.cc
@@ -10,6 +10,7 @@
#include <limits>
#include <vector>
+#include "base/compiler_specific.h"
#include "base/strings/utf_string_conversions.h"
namespace remoting {
@@ -111,8 +112,8 @@ DesktopDisplayInfo DesktopDisplayInfoLoaderWin::GetCurrentDisplayInfo() {
// get the friendly name for the device.
std::string monitor_name;
for (const auto& entry : paths_with_names) {
- if (wcscmp(entry.source_device_name.viewGdiDeviceName,
- device.DeviceName) == 0) {
+ if (UNSAFE_TODO(wcscmp(entry.source_device_name.viewGdiDeviceName,
+ device.DeviceName)) == 0) {
monitor_name = GetFriendlyDeviceName(entry.path);
break;
}
diff --git a/remoting/host/input_injector_win.cc b/remoting/host/input_injector_win.cc
index 9761d5d4509f1..985b8e9a5444c 100644
--- a/remoting/host/input_injector_win.cc
+++ b/remoting/host/input_injector_win.cc
@@ -44,7 +44,7 @@ void SendKeyboardInput(uint32_t flags,
uint16_t virtual_key) {
// Populate a Windows INPUT structure for the event.
INPUT input;
- memset(&input, 0, sizeof(input));
+ UNSAFE_TODO(memset(&input, 0, sizeof(input)));
input.type = INPUT_KEYBOARD;
input.ki.time = 0;
input.ki.dwFlags = flags;
diff --git a/remoting/host/touch_injector_win.cc b/remoting/host/touch_injector_win.cc
index aacb998397024..49c76d8c6946f 100644
--- a/remoting/host/touch_injector_win.cc
+++ b/remoting/host/touch_injector_win.cc
@@ -7,6 +7,7 @@
#include <string>
#include <utility>
+#include "base/compiler_specific.h"
#include "base/files/file_path.h"
#include "base/logging.h"
#include "base/native_library.h"
@@ -231,7 +232,7 @@ void TouchInjectorWin::AddNewTouchPoints(const TouchEvent& event) {
for (const TouchEventPoint& touch_point : event.touch_points()) {
POINTER_TOUCH_INFO pointer_touch_info;
- memset(&pointer_touch_info, 0, sizeof(pointer_touch_info));
+ UNSAFE_TODO(memset(&pointer_touch_info, 0, sizeof(pointer_touch_info)));
pointer_touch_info.pointerInfo.pointerFlags =
POINTER_FLAG_INRANGE | POINTER_FLAG_INCONTACT | POINTER_FLAG_DOWN;
ConvertToPointerTouchInfo(touch_point, &pointer_touch_info);
@@ -254,7 +255,7 @@ void TouchInjectorWin::MoveTouchPoints(const TouchEvent& event) {
for (const TouchEventPoint& touch_point : event.touch_points()) {
POINTER_TOUCH_INFO* pointer_touch_info =
&touches_in_contact_[touch_point.id()];
- memset(pointer_touch_info, 0, sizeof(*pointer_touch_info));
+ UNSAFE_TODO(memset(pointer_touch_info, 0, sizeof(*pointer_touch_info)));
pointer_touch_info->pointerInfo.pointerFlags =
POINTER_FLAG_INRANGE | POINTER_FLAG_INCONTACT | POINTER_FLAG_UPDATE;
ConvertToPointerTouchInfo(touch_point, pointer_touch_info);
diff --git a/rlz/win/lib/rlz_lib_win.cc b/rlz/win/lib/rlz_lib_win.cc
index 23549e5601276..fa4ffa4e9cb75 100644
--- a/rlz/win/lib/rlz_lib_win.cc
+++ b/rlz/win/lib/rlz_lib_win.cc
@@ -13,6 +13,7 @@
#include <memory>
+#include "base/compiler_specific.h"
#include "base/win/registry.h"
#include "rlz/lib/assert.h"
#include "rlz/lib/machine_deal_win.h"
@@ -150,7 +151,7 @@ bool CreateMachineState() {
// Add ALL-USERS ALL-ACCESS ACL.
EXPLICIT_ACCESS ea;
- ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
+ UNSAFE_TODO(ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS)));
ea.grfAccessPermissions = GENERIC_ALL | KEY_ALL_ACCESS;
ea.grfAccessMode = GRANT_ACCESS;
ea.grfInheritance= SUB_CONTAINERS_AND_OBJECTS_INHERIT;
diff --git a/sandbox/win/src/lpc_policy_test.cc b/sandbox/win/src/lpc_policy_test.cc
index f674f4a015439..17c73d6f2789b 100644
--- a/sandbox/win/src/lpc_policy_test.cc
+++ b/sandbox/win/src/lpc_policy_test.cc
@@ -2,6 +2,11 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
+#ifdef UNSAFE_BUFFERS_BUILD
+// TODO(crbug.com/390223051): Remove C-library calls to fix the errors.
+#pragma allow_unsafe_libc_calls
+#endif
+
// These tests have been added to specifically tests issues arising from (A)LPC
// lock down.
diff --git a/sandbox/win/src/policy_opcodes_unittest.cc b/sandbox/win/src/policy_opcodes_unittest.cc
index 905154902a4cb..564f2f6a8338a 100644
--- a/sandbox/win/src/policy_opcodes_unittest.cc
+++ b/sandbox/win/src/policy_opcodes_unittest.cc
@@ -2,11 +2,11 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "sandbox/win/src/policy_engine_opcodes.h"
-
#include <stddef.h>
#include <stdint.h>
+#include "base/compiler_specific.h"
+#include "sandbox/win/src/policy_engine_opcodes.h"
#include "sandbox/win/src/policy_engine_params.h"
#include "sandbox/win/src/sandbox_nt_types.h"
#include "sandbox/win/src/sandbox_nt_util.h"
@@ -45,7 +45,7 @@ TEST(PolicyEngineTest, ParameterSetTest) {
ParameterSet pset4 = ParamPickerMake(txt);
const wchar_t* result3 = nullptr;
EXPECT_TRUE(pset4.Get(&result3));
- EXPECT_EQ(0, wcscmp(txt, result3));
+ EXPECT_EQ(0, UNSAFE_TODO(wcscmp(txt, result3)));
}
TEST(PolicyEngineTest, OpcodeConstraints) {
diff --git a/sandbox/win/src/policy_target_test.cc b/sandbox/win/src/policy_target_test.cc
index f302a5acf24b1..30353c4355887 100644
--- a/sandbox/win/src/policy_target_test.cc
+++ b/sandbox/win/src/policy_target_test.cc
@@ -6,6 +6,7 @@
#include <string_view>
+#include "base/compiler_specific.h"
#include "base/environment.h"
#include "base/memory/read_only_shared_memory_region.h"
#include "base/memory/writable_shared_memory_region.h"
@@ -488,7 +489,8 @@ TEST(PolicyTargetTest, ShareHandleTest) {
ASSERT_TRUE(writable_region.IsValid());
base::WritableSharedMemoryMapping writable_mapping = writable_region.Map();
ASSERT_TRUE(writable_mapping.IsValid());
- memcpy(writable_mapping.memory(), contents.data(), contents.size());
+ UNSAFE_TODO(
+ memcpy(writable_mapping.memory(), contents.data(), contents.size()));
// Get the path to the sandboxed app.
wchar_t prog_name[MAX_PATH];
diff --git a/sandbox/win/src/process_mitigations_extensionpoints_unittest.cc b/sandbox/win/src/process_mitigations_extensionpoints_unittest.cc
index 202e88bf54fc8..f0b17dd914051 100644
--- a/sandbox/win/src/process_mitigations_extensionpoints_unittest.cc
+++ b/sandbox/win/src/process_mitigations_extensionpoints_unittest.cc
@@ -6,6 +6,7 @@
#include <psapi.h>
+#include "base/compiler_specific.h"
#include "base/scoped_native_library.h"
#include "base/win/registry.h"
#include "base/win/startup_information.h"
@@ -310,7 +311,7 @@ void TestWin8ExtensionPointAppInitWrapper(bool is_success_test) {
wchar_t name[MAX_PATH] = {};
if (::GetModuleFileNameExW(proc_info.hProcess, module, name,
MAX_PATH) &&
- ::wcsstr(name, hooking_dll::g_hook_dll_file)) {
+ UNSAFE_TODO(::wcsstr(name, hooking_dll::g_hook_dll_file))) {
// Found it.
dll_loaded = true;
break;
diff --git a/sandbox/win/src/process_policy_test.cc b/sandbox/win/src/process_policy_test.cc
index d913466131cab..922b42c760ff4 100644
--- a/sandbox/win/src/process_policy_test.cc
+++ b/sandbox/win/src/process_policy_test.cc
@@ -5,6 +5,7 @@
#include <memory>
#include <string>
+#include "base/compiler_specific.h"
#include "base/memory/free_deleter.h"
#include "base/strings/sys_string_conversions.h"
#include "base/win/scoped_handle.h"
@@ -104,8 +105,8 @@ SBOX_TESTS_COMMAND int Process_Crash(int argc, wchar_t** argv) {
// Generate a event name, used to test thread creation.
std::wstring GenerateEventName(DWORD pid) {
wchar_t buff[30] = {};
- int res = swprintf_s(buff, sizeof(buff) / sizeof(buff[0]),
- L"ProcessPolicyTest_%08x", pid);
+ int res = UNSAFE_TODO(swprintf_s(buff, sizeof(buff) / sizeof(buff[0]),
+ L"ProcessPolicyTest_%08x", pid));
if (-1 != res) {
return std::wstring(buff);
}
diff --git a/sandbox/win/src/service_resolver_64.cc b/sandbox/win/src/service_resolver_64.cc
index ce8c895e886c2..8516e775cd0ec 100644
--- a/sandbox/win/src/service_resolver_64.cc
+++ b/sandbox/win/src/service_resolver_64.cc
@@ -5,13 +5,14 @@
#include "sandbox/win/src/service_resolver.h"
#include <windows.h>
+#include <winternl.h>
#include <ntstatus.h>
#include <stddef.h>
-#include <winternl.h>
#include <memory>
+#include "base/compiler_specific.h"
#include "base/containers/heap_array.h"
namespace {
@@ -247,7 +248,7 @@ bool ServiceResolverThunk::IsFunctionAService(void* local_thunk) const {
return false;
// Save the verified code.
- memcpy(local_thunk, &function_code, sizeof(function_code));
+ UNSAFE_TODO(memcpy(local_thunk, &function_code, sizeof(function_code)));
return true;
}
diff --git a/sandbox/win/src/service_resolver_unittest.cc b/sandbox/win/src/service_resolver_unittest.cc
index aa05e37c0c0e0..ecb611aeb3f03 100644
--- a/sandbox/win/src/service_resolver_unittest.cc
+++ b/sandbox/win/src/service_resolver_unittest.cc
@@ -12,6 +12,7 @@
#include <memory>
#include "base/bit_cast.h"
+#include "base/compiler_specific.h"
#include "base/memory/raw_ptr.h"
#include "sandbox/win/src/nt_internals.h"
#include "sandbox/win/src/resolver.h"
@@ -70,7 +71,7 @@ NTSTATUS PatchNtdllWithResolver(const char* function,
return STATUS_UNSUCCESSFUL;
BYTE service[50];
- memcpy(service, target, sizeof(service));
+ UNSAFE_TODO(memcpy(service, target, sizeof(service)));
resolver.set_target(service);
@@ -87,7 +88,7 @@ NTSTATUS PatchNtdllWithResolver(const char* function,
if (NT_SUCCESS(ret)) {
const BYTE kJump32 = 0xE9;
EXPECT_EQ(thunk_size, used);
- EXPECT_NE(0, memcmp(service, target, sizeof(service)));
+ EXPECT_NE(0, UNSAFE_TODO(memcmp(service, target, sizeof(service))));
EXPECT_NE(kJump32, service[0]);
if (relaxed) {
@@ -186,7 +187,7 @@ TEST(ServiceResolverTest, LocalPatchesAllowed) {
ASSERT_TRUE(target);
BYTE service[50];
- memcpy(service, target, sizeof(service));
+ UNSAFE_TODO(memcpy(service, target, sizeof(service)));
resolver.set_target(service);
// Any pointer will do as an interception_entry_point
diff --git a/sandbox/win/tests/common/test_utils.cc b/sandbox/win/tests/common/test_utils.cc
index 71d75f4a4d737..c6cb0394ebe96 100644
--- a/sandbox/win/tests/common/test_utils.cc
+++ b/sandbox/win/tests/common/test_utils.cc
@@ -9,6 +9,7 @@
#include <stddef.h>
#include <winioctl.h>
+#include "base/compiler_specific.h"
#include "base/numerics/safe_conversions.h"
namespace sandbox {
@@ -42,7 +43,8 @@ typedef struct _REPARSE_DATA_BUFFER {
// Sets a reparse point. |source| will now point to |target|. Returns true if
// the call succeeds, false otherwise.
bool SetReparsePoint(HANDLE source, const wchar_t* target) {
- USHORT size_target = static_cast<USHORT>(wcslen(target)) * sizeof(target[0]);
+ USHORT size_target =
+ static_cast<USHORT>(UNSAFE_TODO(wcslen(target))) * sizeof(target[0]);
char buffer[2000] = {};
DWORD returned;
@@ -50,7 +52,8 @@ bool SetReparsePoint(HANDLE source, const wchar_t* target) {
REPARSE_DATA_BUFFER* data = reinterpret_cast<REPARSE_DATA_BUFFER*>(buffer);
data->ReparseTag = IO_REPARSE_TAG_MOUNT_POINT;
- memcpy(data->MountPointReparseBuffer.PathBuffer, target, size_target + 2);
+ UNSAFE_TODO(memcpy(data->MountPointReparseBuffer.PathBuffer, target,
+ size_target + 2));
data->MountPointReparseBuffer.SubstituteNameLength = size_target;
data->MountPointReparseBuffer.PrintNameOffset = size_target + 2;
data->ReparseDataLength = size_target + 4 + 8;
diff --git a/services/device/usb/usb_device_handle_win.cc b/services/device/usb/usb_device_handle_win.cc
index a6f89d6fbff00..f6575ac1ee3ad 100644
--- a/services/device/usb/usb_device_handle_win.cc
+++ b/services/device/usb/usb_device_handle_win.cc
@@ -19,6 +19,7 @@
#include <utility>
#include <vector>
+#include "base/compiler_specific.h"
#include "base/containers/contains.h"
#include "base/functional/bind.h"
#include "base/location.h"
@@ -142,7 +143,7 @@ class UsbDeviceHandleWin::Request : public base::win::ObjectWatcher::Delegate {
: handle_(handle),
interface_number_(interface_number),
event_(CreateEvent(nullptr, false, false, nullptr)) {
- memset(&overlapped_, 0, sizeof(overlapped_));
+ UNSAFE_TODO(memset(&overlapped_, 0, sizeof(overlapped_)));
overlapped_.hEvent = event_.Get();
}
diff --git a/skia/ext/raster_handle_allocator_win.cc b/skia/ext/raster_handle_allocator_win.cc
index ada5814decb57..5b453f9134eb5 100644
--- a/skia/ext/raster_handle_allocator_win.cc
+++ b/skia/ext/raster_handle_allocator_win.cc
@@ -9,6 +9,7 @@
#include <string.h>
#include "base/check_op.h"
+#include "base/compiler_specific.h"
#include "base/debug/gdi_debug_util_win.h"
#include "base/logging.h"
#include "base/memory/ptr_util.h"
@@ -59,8 +60,9 @@ static bool Create(int width,
// The HBITMAP is 32-bit RGB data. A size_t causes a type change from int when
// multiplying against the dimensions.
const size_t bpp = 4;
- if (do_clear)
- memset(pixels, 0, width * bpp * height);
+ if (do_clear) {
+ UNSAFE_TODO(memset(pixels, 0, width * bpp * height));
+ }
HDC hdc = CreateCompatibleDC(nullptr);
if (!hdc)
diff --git a/ui/base/ime/win/on_screen_keyboard_display_manager_tab_tip.cc b/ui/base/ime/win/on_screen_keyboard_display_manager_tab_tip.cc
index f8ff353fa2ca1..c2e3dfc42aca4 100644
--- a/ui/base/ime/win/on_screen_keyboard_display_manager_tab_tip.cc
+++ b/ui/base/ime/win/on_screen_keyboard_display_manager_tab_tip.cc
@@ -12,6 +12,7 @@
#include "base/base_switches.h"
#include "base/command_line.h"
+#include "base/compiler_specific.h"
#include "base/functional/bind.h"
#include "base/location.h"
#include "base/logging.h"
@@ -318,7 +319,7 @@ bool OnScreenKeyboardDisplayManagerTabTip::GetOSKPath(std::wstring* osk_path) {
return false;
}
- osk_path->resize(wcslen(osk_path->c_str()));
+ osk_path->resize(UNSAFE_TODO(wcslen(osk_path->c_str())));
*osk_path = base::ToLowerASCII(*osk_path);
diff --git a/ui/display/win/color_profile_reader.cc b/ui/display/win/color_profile_reader.cc
index 9530f11a56975..350c7b4c2904a 100644
--- a/ui/display/win/color_profile_reader.cc
+++ b/ui/display/win/color_profile_reader.cc
@@ -8,6 +8,7 @@
#include <stddef.h>
+#include "base/compiler_specific.h"
#include "base/files/file_util.h"
#include "base/functional/bind.h"
#include "base/task/thread_pool.h"
@@ -25,7 +26,7 @@ BOOL CALLBACK EnumMonitorForProfilePathCallback(HMONITOR monitor,
LPARAM data) {
std::wstring device_name;
MONITORINFOEX monitor_info;
- ::ZeroMemory(&monitor_info, sizeof(monitor_info));
+ UNSAFE_TODO(::ZeroMemory(&monitor_info, sizeof(monitor_info)));
monitor_info.cbSize = sizeof(monitor_info);
::GetMonitorInfo(monitor, &monitor_info);
device_name = std::wstring(monitor_info.szDevice);
diff --git a/ui/display/win/display_config_helper.cc b/ui/display/win/display_config_helper.cc
index fc7a50d02e958..c1cd26f694832 100644
--- a/ui/display/win/display_config_helper.cc
+++ b/ui/display/win/display_config_helper.cc
@@ -6,6 +6,8 @@
#include <vector>
+#include "base/compiler_specific.h"
+
namespace display::win {
namespace {
@@ -65,7 +67,8 @@ DISPLAY_EXPORT std::optional<DISPLAYCONFIG_PATH_INFO> GetDisplayConfigPathInfo(
device_name.header.adapterId = info.sourceInfo.adapterId;
device_name.header.id = info.sourceInfo.id;
if ((::DisplayConfigGetDeviceInfo(&device_name.header) == ERROR_SUCCESS) &&
- (wcscmp(monitor_info.szDevice, device_name.viewGdiDeviceName) == 0)) {
+ (UNSAFE_TODO(wcscmp(monitor_info.szDevice,
+ device_name.viewGdiDeviceName)) == 0)) {
return info;
}
}
diff --git a/ui/display/win/display_info.cc b/ui/display/win/display_info.cc
index 4968e6aa8cc12..ab47557a67d54 100644
--- a/ui/display/win/display_info.cc
+++ b/ui/display/win/display_info.cc
@@ -6,6 +6,7 @@
#include <string.h>
+#include "base/compiler_specific.h"
#include "base/hash/hash.h"
#include "base/metrics/histogram_functions.h"
#include "base/rand_util.h"
@@ -22,7 +23,7 @@ namespace {
template <size_t N>
std::wstring_view FixedArrayToStringView(
const std::wstring_view::value_type (&str)[N]) {
- return std::wstring_view(str, ::wcsnlen(str, N));
+ return std::wstring_view(str, UNSAFE_TODO(::wcsnlen(str, N)));
}
} // namespace
diff --git a/ui/display/win/screen_win.cc b/ui/display/win/screen_win.cc
index 5cc792faaa062..fa26c22940ed7 100644
--- a/ui/display/win/screen_win.cc
+++ b/ui/display/win/screen_win.cc
@@ -12,6 +12,7 @@
#include <optional>
#include <sstream>
+#include "base/compiler_specific.h"
#include "base/containers/contains.h"
#include "base/containers/flat_set.h"
#include "base/debug/alias.h"
@@ -575,7 +576,7 @@ gfx::Point DIPToScreenPoint(const gfx::Point& dip_point,
// Create a fake FHD display used in case no displays are ever conneceted.
ScreenWinDisplay CreateFallbackPrimaryScreenDisplay() {
MONITORINFOEX monitor_info;
- ::ZeroMemory(&monitor_info, sizeof(monitor_info));
+ UNSAFE_TODO(::ZeroMemory(&monitor_info, sizeof(monitor_info)));
monitor_info.cbSize = sizeof(monitor_info);
monitor_info.rcMonitor = gfx::Rect{1920, 1080}.ToRECT();
monitor_info.rcWork = monitor_info.rcMonitor;
diff --git a/ui/events/event_utils.h b/ui/events/event_utils.h
index 14993d14235a5..9492e174d80de 100644
--- a/ui/events/event_utils.h
+++ b/ui/events/event_utils.h
@@ -13,6 +13,7 @@
#include <vector>
#include "base/bits.h"
+#include "base/compiler_specific.h"
#include "build/build_config.h"
#include "ui/display/display.h"
#include "ui/events/base_event_utils.h"
@@ -223,7 +224,8 @@ template <base::bits::UnsignedInteger T>
Event::PropertyValue ConvertToEventPropertyValue(const T& value) {
Event::PropertyValue property_value;
property_value.resize(sizeof(T));
- std::memcpy(property_value.data(), &value, property_value.size());
+ UNSAFE_TODO(
+ std::memcpy(property_value.data(), &value, property_value.size()));
return property_value;
}
diff --git a/ui/events/win/stylus_handwriting_properties_win.cc b/ui/events/win/stylus_handwriting_properties_win.cc
index a6b233f8b28f7..c616812ca9dc9 100644
--- a/ui/events/win/stylus_handwriting_properties_win.cc
+++ b/ui/events/win/stylus_handwriting_properties_win.cc
@@ -6,6 +6,7 @@
#include <ShellHandwriting.h>
+#include "base/compiler_specific.h"
#include "base/debug/dump_without_crashing.h"
#include "base/trace_event/trace_event.h"
#include "ui/events/event_utils.h"
@@ -70,8 +71,8 @@ std::optional<StylusHandwritingPropertiesWin> GetStylusHandwritingProperties(
if (it != event_properties->end()) {
CHECK_EQ(it->second.size(), sizeof(uint32_t));
uint32_t handwriting_pointer_id = 0;
- std::memcpy(&handwriting_pointer_id, it->second.data(),
- it->second.size());
+ UNSAFE_TODO(std::memcpy(&handwriting_pointer_id, it->second.data(),
+ it->second.size()));
handwriting_properties =
std::make_optional<StylusHandwritingPropertiesWin>();
handwriting_properties->handwriting_pointer_id = handwriting_pointer_id;
@@ -81,7 +82,8 @@ std::optional<StylusHandwritingPropertiesWin> GetStylusHandwritingProperties(
if (it != event_properties->end()) {
CHECK_EQ(it->second.size(), sizeof(uint64_t));
uint64_t handwriting_stroke_id = 0;
- std::memcpy(&handwriting_stroke_id, it->second.data(), it->second.size());
+ UNSAFE_TODO(std::memcpy(&handwriting_stroke_id, it->second.data(),
+ it->second.size()));
if (!handwriting_properties.has_value()) [[unlikely]] {
handwriting_properties =
std::make_optional<StylusHandwritingPropertiesWin>();
diff --git a/ui/gfx/gdi_util.cc b/ui/gfx/gdi_util.cc
index 576ba8dfc4ef9..b5f6142aa921d 100644
--- a/ui/gfx/gdi_util.cc
+++ b/ui/gfx/gdi_util.cc
@@ -9,6 +9,7 @@
#include <algorithm>
#include <memory>
+#include "base/compiler_specific.h"
#include "skia/ext/skia_utils_win.h"
namespace gfx {
@@ -20,8 +21,8 @@ void CreateBitmapV4HeaderForARGB888(int width,
// copy the bits over to the v4 header.
BITMAPINFOHEADER header_v3;
skia::CreateBitmapHeaderForXRGB888(width, height, &header_v3);
- memset(hdr, 0, sizeof(BITMAPV4HEADER));
- memcpy(hdr, &header_v3, sizeof(BITMAPINFOHEADER));
+ UNSAFE_TODO(memset(hdr, 0, sizeof(BITMAPV4HEADER)));
+ UNSAFE_TODO(memcpy(hdr, &header_v3, sizeof(BITMAPINFOHEADER)));
// Correct the size of the header and fill in the mask values.
hdr->bV4Size = sizeof(BITMAPV4HEADER);
diff --git a/ui/gfx/system_fonts_win.cc b/ui/gfx/system_fonts_win.cc
index 4bfe0db52fee8..d959147a87554 100644
--- a/ui/gfx/system_fonts_win.cc
+++ b/ui/gfx/system_fonts_win.cc
@@ -6,6 +6,7 @@
#include <windows.h>
+#include "base/compiler_specific.h"
#include "base/containers/flat_map.h"
#include "base/logging.h"
#include "base/no_destructor.h"
@@ -79,8 +80,8 @@ class SystemFonts {
new_height = logfont->lfHeight > 0 ? 1 : -1;
logfont->lfHeight = new_height;
if (!font_adjustment.font_family_override.empty()) {
- auto result = wcscpy_s(logfont->lfFaceName,
- font_adjustment.font_family_override.c_str());
+ auto result = UNSAFE_TODO(wcscpy_s(
+ logfont->lfFaceName, font_adjustment.font_family_override.c_str()));
DCHECK_EQ(0, result) << "Font name "
<< font_adjustment.font_family_override
<< " cannot be copied into LOGFONT structure.";
diff --git a/ui/gfx/system_fonts_win_unittest.cc b/ui/gfx/system_fonts_win_unittest.cc
index 48b54949255b3..e06bfef335ddd 100644
--- a/ui/gfx/system_fonts_win_unittest.cc
+++ b/ui/gfx/system_fonts_win_unittest.cc
@@ -7,6 +7,7 @@
#include <windows.h>
#include "base/check_op.h"
+#include "base/compiler_specific.h"
#include "base/strings/utf_string_conversions.h"
#include "build/build_config.h"
#include "testing/gtest/include/gtest/gtest.h"
@@ -38,7 +39,7 @@ class SystemFontsWinTest : public testing::Test {
LOGFONT CreateLOGFONT(const wchar_t* name, LONG height) {
LOGFONT logfont = {};
logfont.lfHeight = height;
- auto result = wcscpy_s(logfont.lfFaceName, name);
+ auto result = UNSAFE_TODO(wcscpy_s(logfont.lfFaceName, name));
DCHECK_EQ(0, result);
return logfont;
}
diff --git a/ui/gfx/win/physical_size.cc b/ui/gfx/win/physical_size.cc
index 22b7785f1d9a5..0e62d693e6c37 100644
--- a/ui/gfx/win/physical_size.cc
+++ b/ui/gfx/win/physical_size.cc
@@ -12,6 +12,7 @@
#include <memory>
#include "base/check_op.h"
+#include "base/compiler_specific.h"
#include "base/memory/free_deleter.h"
#include "base/scoped_generic.h"
#include "base/strings/utf_string_conversions.h"
@@ -43,7 +44,7 @@ bool GetSizeFromRegistry(HDEVINFO device_info_list,
return false;
BYTE data[128]; // EDID block is exactly 128 bytes long.
- ZeroMemory(&data[0], sizeof(data));
+ UNSAFE_TODO(ZeroMemory(&data[0], sizeof(data)));
DWORD data_length = sizeof(data);
LONG return_value =
reg_key.ReadValue(L"EDID", &data[0], &data_length, nullptr);
@@ -143,7 +144,7 @@ std::vector<PhysicalDisplaySize> GetPhysicalSizeForDisplays() {
EDD_GET_DEVICE_INTERFACE_NAME)) {
wchar_t* attached_device_id = attached_device.DeviceID;
wchar_t* setup_device_path = interface_detail->DevicePath;
- if (wcsicmp(attached_device_id, setup_device_path) == 0) {
+ if (UNSAFE_TODO(wcsicmp(attached_device_id, setup_device_path)) == 0) {
int width_mm;
int height_mm;
bool found = GetSizeFromRegistry(device_info_list.get(), &device_info,
diff --git a/ui/gfx/win/window_impl.cc b/ui/gfx/win/window_impl.cc
index 8928ec1cc2ff9..be58182e216c3 100644
--- a/ui/gfx/win/window_impl.cc
+++ b/ui/gfx/win/window_impl.cc
@@ -7,6 +7,7 @@
#include <list>
#include "base/at_exit.h"
+#include "base/compiler_specific.h"
#include "base/debug/alias.h"
#include "base/debug/dump_without_crashing.h"
#include "base/functional/bind.h"
@@ -238,7 +239,7 @@ void WindowImpl::Init(HWND parent, const Rect& bounds) {
bool got_valid_hwnd = got_valid_hwnd_;
base::debug::Alias(&got_valid_hwnd);
WNDCLASSEX class_info;
- memset(&class_info, 0, sizeof(WNDCLASSEX));
+ UNSAFE_TODO(memset(&class_info, 0, sizeof(WNDCLASSEX)));
class_info.cbSize = sizeof(WNDCLASSEX);
BOOL got_class =
GetClassInfoEx(GetModuleHandle(nullptr),