Demo marker contains unguarded use of `__FILE__`

[achabense]

Version/Branch of Dear ImGui:

Version 1.92.2b

Back-ends:

imgui_impl_win32.cpp + imgui_impl_dx9.cpp (and so on)

Compiler, OS:

MSVC (and so on)

Full config/build information:

No response

Details:

imgui/imgui_demo.cpp

Line 291 in a1632c6

#define IMGUI_DEMO_MARKER(section) do { if (GImGuiDemoMarkerCallback != NULL) GImGuiDemoMarkerCallback(__FILE__, __LINE__, section, GImGuiDemoMarkerCallbackUserData); } while (0)

Demo marker introduces the only explicit use of __FILE__ in the imgui library. This makes users calling ShowDemoWindow() at larger risk of exposing their absolute path in the program (especially in release mode), as __FILE__ is expanded to absolute path by default. For example, I find my local path (including private username) being compiled into exe if I compile example/example_win32_directx9 (arbitrarily chosen) in release mode.

There are many ways to prevent the absolute path - there is IMGUI_DISABLE_DEMO_WINDOWS in the library, and there are compiler options to change __FILE__ to relative path (*). However, it adds more risk for users that are unaware of this problem.

Some ideas:

1. Make this an opt-in block, i.e. #ifdef-guarded by macro that's configurable in "imconfig.h", and ideally add a comment warning about __FILE__ being absolute path by default, so only users that actually need this feature have to think about this.
2. Or replace __FILE__ with "imgui_demo.cpp" directly (I'm not familiar with the workings of GImGuiDemoMarkerCallback, so maybe this doesn't work and is not an option.)

See also: libsdl-org/SDL#14290

(*) It's still not enough to prevent all absolute paths... I see another absolute path in the exe (the .pdb file)...

[kjm99d]

IMGUI_DEMO_MARKER lives only in imgui_demo.cpp, and the callback defaults to NULL, so nothing is shown on screen unless someone opts in.

Keeping the demo in release builds will naturally embed its debug strings which is why we normally suggest defining IMGUI_DISABLE_DEMO_WINDOWS or dropping imgui_demo.cpp for shipping builds.

Maybe a short comment or optional macro around the marker could make this clearer,
but I wouldn't treat it as a core bug.

[achabense]

so nothing is shown on screen unless someone opts in.

I mean the absolute path is brought to exe. The screenshot is gotten by searching path in the release binary.

Keeping the demo in release builds will naturally embed its debug strings ...

But it's because demo functions use IMGUI_DEMO_MARKER and IMGUI_DEMO_MARKER uses __FILE__. This will not happen if IMGUI_DEMO_MARKER is expanded to ((void)0) by default.

[achabense]

Also, I think it's not a good idea to have GImGuiDemoMarkerCallback rely on __FILE__ being absolute path. It makes a dependency that the original project / source file shouldn't be removed...

And if the users already avoid this dependency intentionally, then idea-2 (replace __FILE__ with "imgui_demo.cpp" (*)) may be a better choice.

(*): or even don't introduce file name/path at all - let GImGuiDemoMarkerCallback itself decide where to find file.