Allow disabling unsafe implicit conversions in wxString

While we have to keep these conversions enabled by default, they are very
dangerous as they can result in silent data loss on any system not using a
locale with UTF-8 encoding, i.e. always under MSW.

Allow mitigating this by defining wxNO_UNSAFE_WXSTRING_CONV when compiling the
application code using the library, which makes these conversions invisible to
the user code, and so can be used without recompiling the library.

Also add wxUSE_UNSAFE_WXSTRING_CONV which can be set to 0 when compiling the
library to disable these conversions globally for all applications using it.

Closes #11830.
This commit is contained in:
Vadim Zeitlin 2017-02-12 00:47:35 +01:00
parent 4cc45797a1
commit e125c3b657
14 changed files with 159 additions and 1 deletions

36
configure vendored
View File

@ -1119,6 +1119,7 @@ enable_std_containers_compat
enable_std_iostreams enable_std_iostreams
enable_std_string enable_std_string
enable_std_string_conv_in_wxstring enable_std_string_conv_in_wxstring
enable_unsafe_conv_in_wxstring
enable_unicode enable_unicode
enable_utf8 enable_utf8
enable_utf8only enable_utf8only
@ -2057,6 +2058,7 @@ Optional Features:
--enable-std_iostreams use standard C++ stream classes --enable-std_iostreams use standard C++ stream classes
--enable-std_string use standard C++ string classes --enable-std_string use standard C++ string classes
--enable-std_string_conv_in_wxstring provide implicit conversion to std::string in wxString --enable-std_string_conv_in_wxstring provide implicit conversion to std::string in wxString
--disable-unsafe_conv_in_wxstring disable unsafe implicit conversions in wxString
--disable-unicode compile without Unicode support --disable-unicode compile without Unicode support
--enable-utf8 use UTF-8 representation for strings (Unix only) --enable-utf8 use UTF-8 representation for strings (Unix only)
--enable-utf8only only support UTF-8 locales in UTF-8 build (Unix only) --enable-utf8only only support UTF-8 locales in UTF-8 build (Unix only)
@ -5469,6 +5471,35 @@ fi
eval "$wx_cv_use_std_string_conv_in_wxstring" eval "$wx_cv_use_std_string_conv_in_wxstring"
enablestring=disable
defaultval=
if test -z "$defaultval"; then
if test x"$enablestring" = xdisable; then
defaultval=yes
else
defaultval=no
fi
fi
# Check whether --enable-unsafe_conv_in_wxstring was given.
if test "${enable_unsafe_conv_in_wxstring+set}" = set; then :
enableval=$enable_unsafe_conv_in_wxstring;
if test "$enableval" = yes; then
wx_cv_use_unsafe_conv_in_wxstring='wxUSE_UNSAFE_WXSTRING_CONV=yes'
else
wx_cv_use_unsafe_conv_in_wxstring='wxUSE_UNSAFE_WXSTRING_CONV=no'
fi
else
wx_cv_use_unsafe_conv_in_wxstring='wxUSE_UNSAFE_WXSTRING_CONV=${'DEFAULT_wxUSE_UNSAFE_WXSTRING_CONV":-$defaultval}"
fi
eval "$wx_cv_use_unsafe_conv_in_wxstring"
enablestring=disable enablestring=disable
defaultval= defaultval=
if test -z "$defaultval"; then if test -z "$defaultval"; then
@ -32527,6 +32558,11 @@ if test "$wxUSE_STD_STRING_CONV_IN_WXSTRING" = "yes"; then
fi fi
if test "$wxUSE_UNSAFE_WXSTRING_CONV" = "yes"; then
$as_echo "#define wxUSE_UNSAFE_WXSTRING_CONV 1" >>confdefs.h
fi
if test "$wxUSE_STDPATHS" = "yes"; then if test "$wxUSE_STDPATHS" = "yes"; then
$as_echo "#define wxUSE_STDPATHS 1" >>confdefs.h $as_echo "#define wxUSE_STDPATHS 1" >>confdefs.h

View File

@ -642,6 +642,7 @@ WX_ARG_ENABLE(std_containers_compat, [ --enable-std_containers_compat use s
WX_ARG_ENABLE(std_iostreams, [ --enable-std_iostreams use standard C++ stream classes], wxUSE_STD_IOSTREAM) WX_ARG_ENABLE(std_iostreams, [ --enable-std_iostreams use standard C++ stream classes], wxUSE_STD_IOSTREAM)
WX_ARG_ENABLE(std_string, [ --enable-std_string use standard C++ string classes], wxUSE_STD_STRING) WX_ARG_ENABLE(std_string, [ --enable-std_string use standard C++ string classes], wxUSE_STD_STRING)
WX_ARG_ENABLE(std_string_conv_in_wxstring, [ --enable-std_string_conv_in_wxstring provide implicit conversion to std::string in wxString], wxUSE_STD_STRING_CONV_IN_WXSTRING) WX_ARG_ENABLE(std_string_conv_in_wxstring, [ --enable-std_string_conv_in_wxstring provide implicit conversion to std::string in wxString], wxUSE_STD_STRING_CONV_IN_WXSTRING)
WX_ARG_DISABLE(unsafe_conv_in_wxstring, [ --disable-unsafe_conv_in_wxstring disable unsafe implicit conversions in wxString], wxUSE_UNSAFE_WXSTRING_CONV)
WX_ARG_DISABLE(unicode, [ --disable-unicode compile without Unicode support], wxUSE_UNICODE) WX_ARG_DISABLE(unicode, [ --disable-unicode compile without Unicode support], wxUSE_UNICODE)
WX_ARG_ENABLE_PARAM(utf8, [ --enable-utf8 use UTF-8 representation for strings (Unix only)], wxUSE_UNICODE_UTF8) WX_ARG_ENABLE_PARAM(utf8, [ --enable-utf8 use UTF-8 representation for strings (Unix only)], wxUSE_UNICODE_UTF8)
WX_ARG_ENABLE(utf8only, [ --enable-utf8only only support UTF-8 locales in UTF-8 build (Unix only)], wxUSE_UNICODE_UTF8_LOCALE) WX_ARG_ENABLE(utf8only, [ --enable-utf8only only support UTF-8 locales in UTF-8 build (Unix only)], wxUSE_UNICODE_UTF8_LOCALE)
@ -5665,6 +5666,10 @@ if test "$wxUSE_STD_STRING_CONV_IN_WXSTRING" = "yes"; then
AC_DEFINE(wxUSE_STD_STRING_CONV_IN_WXSTRING) AC_DEFINE(wxUSE_STD_STRING_CONV_IN_WXSTRING)
fi fi
if test "$wxUSE_UNSAFE_WXSTRING_CONV" = "yes"; then
AC_DEFINE(wxUSE_UNSAFE_WXSTRING_CONV)
fi
if test "$wxUSE_STDPATHS" = "yes"; then if test "$wxUSE_STDPATHS" = "yes"; then
AC_DEFINE(wxUSE_STDPATHS) AC_DEFINE(wxUSE_STDPATHS)
fi fi

View File

@ -69,6 +69,7 @@ INCOMPATIBLE CHANGES SINCE 3.1.0:
All: All:
- Add wxSecretStore for storing passwords using the OS-provided facilities. - Add wxSecretStore for storing passwords using the OS-provided facilities.
- Add support for compiling application code with wxNO_UNSAFE_WXSTRING_CONV.
- Add support for the micro version (third component) to OS and toolkit version - Add support for the micro version (third component) to OS and toolkit version
functions. See wxGetOsVersion(), wxPlatformInfo, and wxAppTraits. functions. See wxGetOsVersion(), wxPlatformInfo, and wxAppTraits.
- wxLogInfo() now logs messages if the log level is high enough, even without - wxLogInfo() now logs messages if the log level is high enough, even without

View File

@ -286,6 +286,14 @@ more details.
wxMSW-specific setting which can be set to 1 to make wxMSW-specific setting which can be set to 1 to make
wxWindow::GetCharWidth() and wxWindow::GetCharHeight() more compatible wxWindow::GetCharWidth() and wxWindow::GetCharHeight() more compatible
with old wxWidgets versions. Changing it is not recommended.} with old wxWidgets versions. Changing it is not recommended.}
@itemdef{wxUSE_UNSAFE_WXSTRING_CONV,
this option determines if unsafe implicit conversions of wxString to
@c char* or @c std::string (depending on whether @c wxUSE_STL is 0 or
1) are defined. It is set to 1 by default for compatibility reasons,
however it is recommended to set it to 0 for the new projects. See
also @c wxNO_UNSAFE_WXSTRING_CONV below for an alternative way of
disabling these unsafe conversions not requiring rebuilding the
library.}
@endDefList @endDefList
@section page_cppconst_miscellaneous Miscellaneous @section page_cppconst_miscellaneous Miscellaneous
@ -326,6 +334,15 @@ more details.
don't include compiler flags needed for multithreaded code generation. This don't include compiler flags needed for multithreaded code generation. This
implies that wxUSE_THREADS is 0 and also that other (non-wx-based) threading implies that wxUSE_THREADS is 0 and also that other (non-wx-based) threading
packages cannot be used neither.} packages cannot be used neither.}
@itemdef{wxNO_UNSAFE_WXSTRING_CONV,
this symbol is not defined by wxWidgets itself, but can be defined by
the applications using the library to disable unsafe implicit
conversions in wxString class. This is especially useful when using
standard build of the library, e.g. installed by the system package
manager under Unix, which is compiled with @c wxUSE_UNSAFE_WXSTRING_CONV
set to 1 for compatibility reasons as @c -DwxNO_UNSAFE_WXSTRING_CONV
can be used only compiling the application code, without rebuilding the
library. Support for this option appeared in wxWidgets 3.1.1.}
@itemdef{WXMAKINGDLL_XXX, @itemdef{WXMAKINGDLL_XXX,
used internally and defined when building the used internally and defined when building the
library @c XXX as a DLL; when a monolithic wxWidgets build is used only a library @c XXX as a DLL; when a monolithic wxWidgets build is used only a

View File

@ -54,6 +54,18 @@
// Recommended setting: 0 // Recommended setting: 0
#define wxDIALOG_UNIT_COMPATIBILITY 0 #define wxDIALOG_UNIT_COMPATIBILITY 0
// Provide unsafe implicit conversions in wxString to "const char*" or
// "std::string" (depending on wxUSE_STD_STRING_CONV_IN_WXSTRING value).
//
// Default is 1 but only for compatibility reasons, it is recommended to set
// this to 0 because converting wxString to a narrow (non-Unicode) string may
// fail unless a locale using UTF-8 encoding is used, which is never the case
// under MSW, for example, hence such conversions can result in silent data
// loss.
//
// Recommended setting: 0
#define wxUSE_UNSAFE_WXSTRING_CONV 1
// ---------------------------------------------------------------------------- // ----------------------------------------------------------------------------
// debugging settings // debugging settings
// ---------------------------------------------------------------------------- // ----------------------------------------------------------------------------

View File

@ -373,6 +373,14 @@
# endif # endif
#endif /* !defined(wxUSE_UNICODE) */ #endif /* !defined(wxUSE_UNICODE) */
#ifndef wxUSE_UNSAFE_WXSTRING_CONV
# ifdef wxABORT_ON_CONFIG_ERROR
# error "wxUSE_UNSAFE_WXSTRING_CONV must be defined, please read comment near the top of this file."
# else
# define wxUSE_UNSAFE_WXSTRING_CONV 0
# endif
#endif /* !defined(wxUSE_UNSAFE_WXSTRING_CONV) */
#ifndef wxUSE_URL #ifndef wxUSE_URL
# ifdef wxABORT_ON_CONFIG_ERROR # ifdef wxABORT_ON_CONFIG_ERROR
# error "wxUSE_URL must be defined, please read comment near the top of this file." # error "wxUSE_URL must be defined, please read comment near the top of this file."

View File

@ -55,6 +55,18 @@
// Recommended setting: 0 // Recommended setting: 0
#define wxDIALOG_UNIT_COMPATIBILITY 0 #define wxDIALOG_UNIT_COMPATIBILITY 0
// Provide unsafe implicit conversions in wxString to "const char*" or
// "std::string" (depending on wxUSE_STD_STRING_CONV_IN_WXSTRING value).
//
// Default is 1 but only for compatibility reasons, it is recommended to set
// this to 0 because converting wxString to a narrow (non-Unicode) string may
// fail unless a locale using UTF-8 encoding is used, which is never the case
// under MSW, for example, hence such conversions can result in silent data
// loss.
//
// Recommended setting: 0
#define wxUSE_UNSAFE_WXSTRING_CONV 1
// ---------------------------------------------------------------------------- // ----------------------------------------------------------------------------
// debugging settings // debugging settings
// ---------------------------------------------------------------------------- // ----------------------------------------------------------------------------

View File

@ -55,6 +55,18 @@
// Recommended setting: 0 // Recommended setting: 0
#define wxDIALOG_UNIT_COMPATIBILITY 0 #define wxDIALOG_UNIT_COMPATIBILITY 0
// Provide unsafe implicit conversions in wxString to "const char*" or
// "std::string" (depending on wxUSE_STD_STRING_CONV_IN_WXSTRING value).
//
// Default is 1 but only for compatibility reasons, it is recommended to set
// this to 0 because converting wxString to a narrow (non-Unicode) string may
// fail unless a locale using UTF-8 encoding is used, which is never the case
// under MSW, for example, hence such conversions can result in silent data
// loss.
//
// Recommended setting: 0
#define wxUSE_UNSAFE_WXSTRING_CONV 1
// ---------------------------------------------------------------------------- // ----------------------------------------------------------------------------
// debugging settings // debugging settings
// ---------------------------------------------------------------------------- // ----------------------------------------------------------------------------

View File

@ -55,6 +55,18 @@
// Recommended setting: 0 // Recommended setting: 0
#define wxDIALOG_UNIT_COMPATIBILITY 0 #define wxDIALOG_UNIT_COMPATIBILITY 0
// Provide unsafe implicit conversions in wxString to "const char*" or
// "std::string" (depending on wxUSE_STD_STRING_CONV_IN_WXSTRING value).
//
// Default is 1 but only for compatibility reasons, it is recommended to set
// this to 0 because converting wxString to a narrow (non-Unicode) string may
// fail unless a locale using UTF-8 encoding is used, which is never the case
// under MSW, for example, hence such conversions can result in silent data
// loss.
//
// Recommended setting: 0
#define wxUSE_UNSAFE_WXSTRING_CONV 1
// ---------------------------------------------------------------------------- // ----------------------------------------------------------------------------
// debugging settings // debugging settings
// ---------------------------------------------------------------------------- // ----------------------------------------------------------------------------

View File

@ -56,6 +56,18 @@
// Recommended setting: 0 // Recommended setting: 0
#define wxDIALOG_UNIT_COMPATIBILITY 0 #define wxDIALOG_UNIT_COMPATIBILITY 0
// Provide unsafe implicit conversions in wxString to "const char*" or
// "std::string" (depending on wxUSE_STD_STRING_CONV_IN_WXSTRING value).
//
// Default is 1 but only for compatibility reasons, it is recommended to set
// this to 0 because converting wxString to a narrow (non-Unicode) string may
// fail unless a locale using UTF-8 encoding is used, which is never the case
// under MSW, for example, hence such conversions can result in silent data
// loss.
//
// Recommended setting: 0
#define wxUSE_UNSAFE_WXSTRING_CONV 1
// ---------------------------------------------------------------------------- // ----------------------------------------------------------------------------
// debugging settings // debugging settings
// ---------------------------------------------------------------------------- // ----------------------------------------------------------------------------

View File

@ -51,6 +51,18 @@
// Recommended setting: 0 // Recommended setting: 0
#define wxDIALOG_UNIT_COMPATIBILITY 0 #define wxDIALOG_UNIT_COMPATIBILITY 0
// Provide unsafe implicit conversions in wxString to "const char*" or
// "std::string" (depending on wxUSE_STD_STRING_CONV_IN_WXSTRING value).
//
// Default is 1 but only for compatibility reasons, it is recommended to set
// this to 0 because converting wxString to a narrow (non-Unicode) string may
// fail unless a locale using UTF-8 encoding is used, which is never the case
// under MSW, for example, hence such conversions can result in silent data
// loss.
//
// Recommended setting: 0
#define wxUSE_UNSAFE_WXSTRING_CONV 1
// ---------------------------------------------------------------------------- // ----------------------------------------------------------------------------
// debugging settings // debugging settings
// ---------------------------------------------------------------------------- // ----------------------------------------------------------------------------

View File

@ -1263,7 +1263,9 @@ public:
// they conflict with the implicit conversions to "const char/wchar_t *" // they conflict with the implicit conversions to "const char/wchar_t *"
// which we use for backwards compatibility but do provide them if // which we use for backwards compatibility but do provide them if
// explicitly requested. // explicitly requested.
#if wxUSE_UNSAFE_WXSTRING_CONV && !defined(wxNO_UNSAFE_WXSTRING_CONV)
operator wxStringToStdStringRetType() const { return ToStdString(); } operator wxStringToStdStringRetType() const { return ToStdString(); }
#endif // wxUSE_UNSAFE_WXSTRING_CONV
operator wxStringToStdWstringRetType() const { return ToStdWstring(); } operator wxStringToStdWstringRetType() const { return ToStdWstring(); }
#endif // wxUSE_STD_STRING_CONV_IN_WXSTRING #endif // wxUSE_STD_STRING_CONV_IN_WXSTRING
@ -1517,13 +1519,16 @@ public:
// messages for the code which relies on implicit conversion to char* in // messages for the code which relies on implicit conversion to char* in
// STL build // STL build
#if !wxUSE_STD_STRING_CONV_IN_WXSTRING #if !wxUSE_STD_STRING_CONV_IN_WXSTRING
operator const char*() const { return c_str(); }
operator const wchar_t*() const { return c_str(); } operator const wchar_t*() const { return c_str(); }
#if wxUSE_UNSAFE_WXSTRING_CONV && !defined(wxNO_UNSAFE_WXSTRING_CONV)
operator const char*() const { return c_str(); }
// implicit conversion to untyped pointer for compatibility with previous // implicit conversion to untyped pointer for compatibility with previous
// wxWidgets versions: this is the same as conversion to const char * so it // wxWidgets versions: this is the same as conversion to const char * so it
// may fail! // may fail!
operator const void*() const { return c_str(); } operator const void*() const { return c_str(); }
#endif // wxUSE_UNSAFE_WXSTRING_CONV && !defined(wxNO_UNSAFE_WXSTRING_CONV)
#endif // !wxUSE_STD_STRING_CONV_IN_WXSTRING #endif // !wxUSE_STD_STRING_CONV_IN_WXSTRING
// identical to c_str(), for MFC compatibility // identical to c_str(), for MFC compatibility

View File

@ -54,6 +54,18 @@
// Recommended setting: 0 // Recommended setting: 0
#define wxDIALOG_UNIT_COMPATIBILITY 0 #define wxDIALOG_UNIT_COMPATIBILITY 0
// Provide unsafe implicit conversions in wxString to "const char*" or
// "std::string" (depending on wxUSE_STD_STRING_CONV_IN_WXSTRING value).
//
// Default is 1 but only for compatibility reasons, it is recommended to set
// this to 0 because converting wxString to a narrow (non-Unicode) string may
// fail unless a locale using UTF-8 encoding is used, which is never the case
// under MSW, for example, hence such conversions can result in silent data
// loss.
//
// Recommended setting: 0
#define wxUSE_UNSAFE_WXSTRING_CONV 1
// ---------------------------------------------------------------------------- // ----------------------------------------------------------------------------
// debugging settings // debugging settings
// ---------------------------------------------------------------------------- // ----------------------------------------------------------------------------

View File

@ -151,6 +151,8 @@
#define wxDIALOG_UNIT_COMPATIBILITY 0 #define wxDIALOG_UNIT_COMPATIBILITY 0
#define wxUSE_UNSAFE_WXSTRING_CONV 0
#define wxUSE_ON_FATAL_EXCEPTION 0 #define wxUSE_ON_FATAL_EXCEPTION 0