build: re-enable unsafe buffer checks (#45797)

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Charles Kerr <charles@charleskerr.com>

build/args/all.gn

@@ -74,10 +74,4 @@ enterprise_cloud_content_analysis = false
 # https://issues.chromium.org/issues/40943039
 content_enable_legacy_ipc = true
 
-# Electron has its own unsafe-buffers enforcement directories.
-# TODO: clang_unsafe_buffers_paths = "//electron/electron_unsafe_buffers_paths.txt"
-#
-# Disables unsafe-buffers-usage plugin due to incompatibilities with our reclient implementation
-# Ref: https://chromium-review.googlesource.com/c/chromium/src/+/5426599
-# Ref: https://github.com/electron/electron/commit/8e20f16ea35eeaeb149ae63bad3703d782665f6a
-clang_unsafe_buffers_paths = ""
+clang_unsafe_buffers_paths = "//electron/electron_unsafe_buffers_paths.txt"

patches/chromium/.patches

@@ -144,3 +144,4 @@ fix_osr_stutter_in_both_cpu_and_gpu_capture_when_page_has_animation.patch
 ignore_parse_errors_for_pkey_appusermodel_toastactivatorclsid.patch
 fix_win32_synchronous_spellcheck.patch
 fix_drag_and_drop_icons_on_windows.patch
+chore_remove_conflicting_allow_unsafe_libc_calls.patch

patches/chromium/chore_remove_conflicting_allow_unsafe_libc_calls.patch

@@ -0,0 +1,49 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Charles Kerr <charles@charleskerr.com>
+Date: Sat, 22 Feb 2025 13:15:39 -0600
+Subject: chore: remove conflicting allow_unsafe_libc_calls
+
+We want builds to fail if a buffer warning comes from Electron code but
+not from code that we don't maintain (e.g. upstream Chromium code), so
+//electron/electron_unsafe_buffer_paths.txt turns off Chromium warnings.
+
+There are some upstream files that generate warnings *and* also have
+pragmas that override //electron/electron_unsafe_buffer_paths.txt,
+forcing them to be tested. This breaks our build.
+
+Files can be removed from this patch when upstream either removes the
+pragma or fixes the other warnings. This patch can be removed when no
+files are left.
+
+diff --git a/net/cookies/parsed_cookie.cc b/net/cookies/parsed_cookie.cc
+index 7d5d0106a3675b3fa21b0e00a755f5c0ed11c87b..d26c645d70b54b31815c8140954ee6d0a34fa8af 100644
+--- a/net/cookies/parsed_cookie.cc
++++ b/net/cookies/parsed_cookie.cc
+@@ -2,11 +2,6 @@
+ // Use of this source code is governed by a BSD-style license that can be
+ // found in the LICENSE file.
+ 
+-#ifdef UNSAFE_BUFFERS_BUILD
+-// TODO(crbug.com/390223051): Remove C-library calls to fix the errors.
+-#pragma allow_unsafe_libc_calls
+-#endif
+-
+ // Portions of this code based on Mozilla:
+ //   (netwerk/cookie/src/nsCookieService.cpp)
+ /* ***** BEGIN LICENSE BLOCK *****
+diff --git a/net/http/http_response_headers.cc b/net/http/http_response_headers.cc
+index 34ef2be4415825254c41d5970be33b1195a9a381..4a3462664c22f6d367e02ac03551c22c0db52a4d 100644
+--- a/net/http/http_response_headers.cc
++++ b/net/http/http_response_headers.cc
+@@ -2,11 +2,6 @@
+ // Use of this source code is governed by a BSD-style license that can be
+ // found in the LICENSE file.
+ 
+-#ifdef UNSAFE_BUFFERS_BUILD
+-// TODO(crbug.com/390223051): Remove C-library calls to fix the errors.
+-#pragma allow_unsafe_libc_calls
+-#endif
+-
+ // The rules for header parsing were borrowed from Firefox:
+ // http://lxr.mozilla.org/seamonkey/source/netwerk/protocol/http/src/nsHttpResponseHead.cpp
+ // The rules for parsing content-types were also borrowed from Firefox: