Should I use protected versions of POSIX functions on MSVC-C

I am writing C code that is expected to be compiled on multiple compilers (at least MSVC and GCC). Since I am starting with C, I have all warnings enabled, and warnings are treated as errors (-Werror in GCC and /WX in MSVC) so that I don't make stupid mistakes.

When I compile some code that uses strcpy in MSVC, I get a warning like

warning C4996: 'strcpy': This function or variable may be unsafe. Consider using strcpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details.

I'm a little confused. Many common functions are deprecated on MSVC. Should I use these protected versions on Windows? If so, should I wrap strcpy in something like

    void my_strcpy(char *dest, size_t dest_size, const char *src) {
    #ifdef WIN32
        /* use strcpy_s */
    #else
        /* use strcpy */
    #endif
    }

Any thoughts?

+6
c cross-platform deprecated compiler-warnings visual-c++
3 answers

There are many, many discussions on this topic. The usual suspects, such as strncpy, strlcpy and all the rest, will reappear here, I'm sure. Just enter "strcpy" in the search field and read some of the longer threads to get an overview.

My advice: whatever your final choice, it's good to follow the DRY principle and keep doing so, as in your my_strcpy() example. Don't make raw calls all over your code; use wrappers and centralize them in your own string handling library. This reduces the overall amount of code (boilerplate), and you have one central place to make changes if you change your mind later.

Of course, this opens up some other cans of worms, especially for beginners: responsibility for memory handling and interface design. That is a topic in itself, and 5 people will give you 10 suggestions on how to do it. A central library usually has the nice effect that it imposes a decision that you then follow throughout your code base, instead of using method a in module A and method b in module B, which causes problems when you try to connect A to B.

+4
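The centralized wrapper the question sketches and this answer recommends, written out as an added example (it is not code from the question or from any library): one size-aware my_strcpy/my_strcat pair whose callers never see the platform split. Under _MSC_VER it delegates to strcpy_s/strcat_s; elsewhere it does the bounds check itself with standard C only. The names my_strcpy, my_strcat and the portable_* helpers are the example's own.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#ifndef _MSC_VER
/* Portable fallback: check the bound ourselves, then copy including the NUL. */
static int portable_strcpy(char *dest, size_t dest_size, const char *src)
{
    size_t len = strlen(src);
    if (len >= dest_size) {           /* no room for len bytes plus the NUL */
        dest[0] = '\0';
        return -1;
    }
    memcpy(dest, src, len + 1);
    return 0;
}

static int portable_strcat(char *dest, size_t dest_size, const char *src)
{
    const char *end = memchr(dest, '\0', dest_size); /* find current terminator */
    size_t used, len;
    if (end == NULL)                  /* dest is not a terminated string */
        return -1;
    used = (size_t)(end - dest);
    len = strlen(src);
    if (len >= dest_size - used)      /* used + len + NUL would exceed dest_size */
        return -1;
    memcpy(dest + used, src, len + 1);
    return 0;
}
#endif

/* Copy src into dest (dest_size bytes). Returns 0 on success, -1 if it does
 * not fit; on failure dest is left as an empty string. */
int my_strcpy(char *dest, size_t dest_size, const char *src)
{
    if (dest == NULL || dest_size == 0)
        return -1;
    if (src == NULL) {
        dest[0] = '\0';
        return -1;
    }
#ifdef _MSC_VER
    if (strcpy_s(dest, dest_size, src) != 0) {  /* MSVC checks the size itself */
        dest[0] = '\0';
        return -1;
    }
    return 0;
#else
    return portable_strcpy(dest, dest_size, src);
#endif
}

/* Append src to the string already in dest. Returns 0 on success, -1 if the
 * result would not fit (the portable path then leaves dest unchanged). */
int my_strcat(char *dest, size_t dest_size, const char *src)
{
    if (dest == NULL || dest_size == 0 || src == NULL)
        return -1;
#ifdef _MSC_VER
    return strcat_s(dest, dest_size, src) == 0 ? 0 : -1;
#else
    return portable_strcat(dest, dest_size, src);
#endif
}

int main(void)
{
    char buf[8];
    printf("%d %s\n", my_strcpy(buf, sizeof buf, "hello"), buf);
    printf("%d %s\n", my_strcat(buf, sizeof buf, "!!"), buf);
    printf("%d %s\n", my_strcat(buf, sizeof buf, "overflow"), buf); /* -1, unchanged */
    return 0;
}
```

One caveat for the MSVC branch: strcpy_s and strcat_s report a too-small destination by first invoking the CRT's invalid parameter handler, which terminates the process by default, so the -1 return is only observed when a handler has been installed. The portable branch never aborts, which is why the wrapper's contract (return code, buffer always terminated) is what callers should rely on rather than either library's behaviour.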

Whenever you move data between buffers that are not of constant size, you should (gasp! OMG!) actually think about whether it fits. Using functions that are supposed to be "safe" (such as the MS-specific strcpy_s or BSD strlcpy) will protect you from some explicit buffer overflow conditions, but will not protect you from errors resulting from string truncation. It also does not protect you from integer overflows when calculating the required buffer sizes.

If you are not a specialist in C strings, I would recommend forgetting about special functions and commenting each line of your code that writes at a variable length/position with the rationale for how you know, at that point in the program, that the length/offset you are about to use is within the size of the buffer. Do the same for lines where you do arithmetic on sizes/offsets: say how you know the arithmetic will not overflow, and add overflow checks if you think you don't know.

Another approach is to wrap all your string handling in a string object that stores the length of the buffer along with the string and is automatically reallocated when the string needs to grow, and then use only const char * read-only access to the strings when you need to pass them to system functions or other libraries. This sacrifices some of the performance you expect from C, but it will help you avoid mistakes. Just don't take it to extremes. There is no need to duplicate things like strchr, strstr etc. in your string wrapper. Just provide methods for duplicating string objects, concatenating and trimming them, and then with the existing library functions that work with const char * you can do almost anything you want.

+4
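An added example (not code from the answer) of the length-tracking string object this answer describes, covering both of its points: the size arithmetic is checked for wrap-around before any allocation, and the object hands out only a const char * view so libc functions such as strstr are reused rather than reimplemented. The strbuf type and its functions are the example's own names.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    char *data;   /* always NUL-terminated once allocated */
    size_t len;   /* bytes in use, excluding the terminator */
    size_t cap;   /* bytes allocated, including room for the terminator */
} strbuf;

void strbuf_init(strbuf *s) { s->data = NULL; s->len = 0; s->cap = 0; }
void strbuf_free(strbuf *s) { free(s->data); strbuf_init(s); }

/* Make room for `need` more bytes plus the terminator.
 * Returns 0, or -1 on size overflow or allocation failure. */
static int strbuf_reserve(strbuf *s, size_t need)
{
    size_t required, newcap;
    char *p;
    /* len + need + 1 must not wrap around: check it before adding. */
    if (need > SIZE_MAX - 1 - s->len)
        return -1;
    required = s->len + need + 1;
    if (required <= s->cap)
        return 0;
    /* Grow geometrically, but never let the doubling wrap either. */
    newcap = s->cap ? s->cap : 16;
    while (newcap < required) {
        if (newcap > SIZE_MAX / 2) { newcap = required; break; }
        newcap *= 2;
    }
    p = realloc(s->data, newcap);
    if (p == NULL)
        return -1;
    s->data = p;
    s->cap = newcap;
    return 0;
}

/* Append n bytes of src. Returns 0, or -1 if the buffer could not grow. */
int strbuf_append_n(strbuf *s, const char *src, size_t n)
{
    if (strbuf_reserve(s, n) != 0)
        return -1;
    memcpy(s->data + s->len, src, n);
    s->len += n;
    s->data[s->len] = '\0';
    return 0;
}

int strbuf_append(strbuf *s, const char *src)
{
    return strbuf_append_n(s, src, strlen(src));
}

/* Trim the string to at most n bytes. */
void strbuf_truncate(strbuf *s, size_t n)
{
    if (s->data != NULL && n < s->len) {
        s->len = n;
        s->data[n] = '\0';
    }
}

/* Read-only view for libc and system calls; the mutable pointer stays private. */
const char *strbuf_cstr(const strbuf *s) { return s->data ? s->data : ""; }

/* No strstr re-implementation: run libc's on the const view. */
int strbuf_contains(const strbuf *s, const char *needle)
{
    return strstr(strbuf_cstr(s), needle) != NULL;
}
```

The overflow check in strbuf_reserve is the line the answer asks you to be able to justify in a comment: `need > SIZE_MAX - 1 - len` is the exact condition under which `len + need + 1` would wrap, and it is evaluated before the addition ever happens.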

I would prefer to use the more secure snprintf†, which is available on both platforms and does not need different code paths depending on the platform. You will need to use the define to prevent warnings on MSVC.

† although perhaps a little less secure: it will return a string that is not null-terminated on error, so you should check the return value, but it will not cause a buffer overflow.

+1
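An added example (not from the answer) of the single-path snprintf approach, including the return-value check the footnote calls for: one function formats into a fixed buffer and reports truncation, the other uses the C99 measure-then-allocate pattern so nothing is ever truncated. The _CRT_SECURE_NO_WARNINGS define is the one named in the question's warning text; format_bounded and format_alloc are the example's own names, and the "user=... id=..." format is a constructed sample.

```c
#ifdef _MSC_VER
#define _CRT_SECURE_NO_WARNINGS   /* the define from the C4996 warning text */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Format "user=<name> id=<id>" into a buffer of `size` bytes.
 * Returns 0 if the whole result fit, -1 if it was truncated or snprintf
 * reported an error. dst is always NUL-terminated when size > 0. */
int format_bounded(char *dst, size_t size, const char *user, int id)
{
    int n;
    if (dst == NULL || size == 0)
        return -1;
    n = snprintf(dst, size, "user=%s id=%d", user, id);
    /* snprintf returns the length the full result would have had, so
     * n >= size means the buffer was too small. Terminate explicitly as
     * well, for runtimes whose snprintf does not guarantee it on overflow. */
    dst[size - 1] = '\0';
    if (n < 0 || (size_t)n >= size)
        return -1;
    return 0;
}

/* Two-pass variant: measure, allocate exactly, then format.
 * Returns NULL on error; the caller frees the result. */
char *format_alloc(const char *user, int id)
{
    int n = snprintf(NULL, 0, "user=%s id=%d", user, id);
    size_t size;
    char *p;
    if (n < 0)
        return NULL;
    size = (size_t)n + 1;           /* n is an int, so this cannot wrap size_t */
    p = malloc(size);
    if (p == NULL)
        return NULL;
    if (snprintf(p, size, "user=%s id=%d", user, id) != n) {
        free(p);
        return NULL;
    }
    return p;
}

int main(void)
{
    char small[16];
    char *big;
    printf("%d [%s]\n", format_bounded(small, sizeof small, "bob", 7), small);
    printf("%d [%s]\n", format_bounded(small, sizeof small, "alexander", 1234), small);
    big = format_alloc("alexander", 1234);
    if (big != NULL) {
        printf("[%s]\n", big);
        free(big);
    }
    return 0;
}
```

The truncated case is the one worth noticing: format_bounded returns -1 and leaves a properly terminated prefix, so a caller that ignores the return value gets silently shortened data rather than a crash, which is exactly the truncation hazard the previous answer warns about.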
