hunspell / mythes

fopen and strncpy compilation warnings with MSVC 2015 #4

Closed donovaly closed 7 years ago

donovaly commented 7 years ago

Compiling mythes using MSVC 2015 gives me these warnings:

D:\LyXGit\Master\3rdparty\mythes\1.2.5\mythes.cxx(38): warning C4996: 'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. [D:\LyXGit\Master\compile-2015\3rdparty\mythes\mytheslibstatic.vcxproj]
D:\LyXGit\Master\3rdparty\mythes\1.2.5\mythes.cxx(94): warning C4996: 'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. [D:\LyXGit\Master\compile-2015\3rdparty\mythes\mytheslibstatic.vcxproj]
D:\LyXGit\Master\3rdparty\mythes\1.2.5\mythes.cxx(247): warning C4996: 'strncpy': This function or variable may be unsafe. Consider using strncpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. [D:\LyXGit\Master\compile-2015\3rdparty\mythes\mytheslibstatic.vcxproj]
D:\LyXGit\Master\3rdparty\mythes\1.2.5\mythes.cxx(249): warning C4996: 'strncpy': This function or variable may be unsafe. Consider using strncpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. [D:\LyXGit\Master\compile-2015\3rdparty\mythes\mytheslibstatic.vcxproj]

So the warnings are about using fopen and strncpy. I don't know if the suggestions in the warnings make sense or not, so I reported them here so that you can have a look.

dimztimz commented 7 years ago

Classic Microsoft nulls*it. It marks the standard library functions as unsafe.

donovaly commented 7 years ago

> It marks the standard library functions as unsafe.

Hmm, I just googled and it seems that fopen is indeed potentially insecure:

"fopen_s is a variant of fopen which contains parameter validation and hands back an error code instead of a pointer in case something goes wrong during the open process. It's more secure than the base variant because it accounts for more edge conditions. The compiler is warning you to use it because fopen represents a potential exploitation vector in your application." (https://stackoverflow.com/questions/2575116/fopen-fopen-s-and-writing-to-files)

It also seems that fopen_s has been in the C standard for years: http://en.cppreference.com/w/c/io/fopen

So why not use fopen_s instead of fopen?

dimztimz commented 7 years ago

You are probably new to C programming. Nobody uses those _s functions besides some people at Microsoft. For a long time they were specific only to MSVC.

donovaly commented 7 years ago

> Nobody uses those _s functions besides some people at Microsoft. For long time they were specific only to MSVC.

I am indeed no real programmer, but I don't understand this: googling tells me that the _s functions are safer and that they have been part of the C specification since 2011.

So if they are safer, then I don't understand why they cannot be used. What would be the drawback for mythes when the _s functions are used?

dimztimz commented 7 years ago
  1. They are not safer.
  2. They are not available on Linux and MacOS.

This is closed, please.

dimztimz commented 7 years ago

Let me elaborate a little bit.

fopen is NOT unsafe in the first place, it is safe. It is only a Microsoft lie to use fopen_s, without giving any argument why it is safer. Nor does the Stack Overflow answer give any argument or proof for its claims.

In programming we use mathematical proofs, not speculation.

The only really unsafe function in the C library is gets. And we don't use that.

donovaly commented 7 years ago
From: Dimitrij Mijoski
Sent: Wednesday, 16 August 2017 13:41

> Let me elaborate a little bit...

Thanks Dimitrij,

As I wrote, I am not a real programmer. So I don't know much about the background. As you explained, the _s functions are not available on GCC (I checked this), so they are no option. To avoid the compiler warning one can set a flag only for MSVC. I found such code yesterday. I'll try to send a patch accordingly.

In the links sent it seems that the _s functions should be safer, but as I don't know the background of pointers etc. I cannot judge these statements.

Regards
Uwe
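One way to handle the two functions named in the warnings while still building on GCC, as an added example that is not mythes code and not from any participant in this thread: `open_file` and `copy_bounded` are hypothetical helper names. The MSVC branch calls `fopen_s`, every other compiler calls `fopen`, and the copy helper always writes a terminating NUL, which plain `strncpy` does not do when the source is as long as the buffer.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: returns 0 and sets *out on success, else an errno
   value. MSVC takes the fopen_s branch, so C4996 is not raised for it. */
int open_file(FILE **out, const char *path, const char *mode)
{
    if (out == NULL || path == NULL || mode == NULL)
        return EINVAL;
    *out = NULL;
#ifdef _MSC_VER
    return (int)fopen_s(out, path, mode);
#else
    errno = 0;
    *out = fopen(path, mode);
    if (*out == NULL)
        return errno ? errno : EIO;
    return 0;
#endif
}

/* Hypothetical helper: copy src into dst (capacity dstsz), always
   NUL-terminated. Returns 0 if it fit, 1 if truncated, -1 on bad input. */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t len;
    if (dst == NULL || src == NULL || dstsz == 0)
        return -1;
    len = strlen(src);
    if (len >= dstsz) {
        memcpy(dst, src, dstsz - 1);   /* keep room for the terminator */
        dst[dstsz - 1] = '\0';
        return 1;
    }
    memcpy(dst, src, len + 1);         /* includes the NUL from src */
    return 0;
}

int main(void)
{
    char buf[8];
    FILE *f = NULL;
    int rc = copy_bounded(buf, sizeof buf, "thesaurus"); /* constructed input */
    printf("copy rc=%d buf=%s\n", rc, buf);
    printf("open rc=%d\n", open_file(&f, "missing.idx", "r")); /* constructed path */
    if (f) fclose(f);
    return 0;
}
```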