nothings / stb

stb single-file public domain libraries for C/C++

stb_image_write: warning C4996: ... Consider using sprintf_s ... #1446

Open etavardt opened 1 year ago

etavardt commented 1 year ago

During a MS VS C++ build, I get the following warning.

stb_image_write.h(776): warning C4996: 'sprintf': This function or variable may be unsafe. 
Consider using sprintf_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS.
See online help for details.

Expected behavior

I expect to see warnings that are relevant to my code without adding _CRT_SECURE_NO_WARNINGS to my build. If I did add it I would not see Warnings for my own code as well and I do wish to see them.

etavardt commented 1 year ago

My workaround is to place:

#define __STDC_LIB_EXT1__

along with:

#define STB_IMAGE_WRITE_IMPLEMENTATION

just before the:

#include <stb/stb_image_write.h>

I don't know if this is a good idea or not but it got rid of the warning. I'll know better once I start implementing my save function.

FYI: keep up the good work.

N-R-K commented 1 year ago

> I expect to see warnings that are relevant to my code without adding _CRT_SECURE_NO_WARNINGS to my build. If I did add it I would not see Warnings for my own code as well and I do wish to see them.

stb libraries try to compile without warnings - so this is not a "solution" but as a temporary workaround - it's typically possible to silence warnings for a section of code via some sort of pragma. GCC and Clang accept the following:

#pragma GCC diagnostic push /* also works on clang */
#pragma GCC diagnostic ignored "-Wunused-function"
#define HEADERLIB_IMPLEMENTATION
#include "headerlib.h"
#pragma GCC diagnostic pop

I'd assume msvc would have a similar construct - but I don't use msvc so cannot help you further.

> #define __STDC_LIB_EXT1__

AFAIU that macro should be defined by the implementation (i.e. libc) if they support Annex K. I don't believe it's something the user is meant to define themselves (?)

etavardt commented 1 year ago

You make a good point about not using #define __STDC_LIB_EXT1__

So I went with this:

#define STB_IMAGE_WRITE_IMPLEMENTATION
#pragma warning( push )
#pragma warning(disable:4996)
#include <stb/stb_image_write.h>
#pragma warning( pop )

Maybe you may consider using this wrapper in stb_image_write. as you already have the test condition to use sprintf_s if the requirements are met. Just a suggestion. You may close this issue otherwise if you want or is this something only I can do?

nothings commented 1 year ago

We should just use sprintf_s instead as needed. It just requires conditional compilation to support all the compilers, so it requires search and testing to get right.

dsieger commented 1 year ago

Getting a similar warning on latest macOS / clang 14.0.3:

stb_image_write.h:776:13: warning: 'sprintf' is deprecated: This function is provided for compatibility reasons only.  Due to security concerns inherent in the design of sprintf(3), it is highly recommended that you use snprintf(3) instead. [-Wdeprecated-declarations]

Would just using snprintf be an option or are there concerns regarding compiler / platform support?

Thanks!

ismagilli commented 7 months ago

For macOS / clang I created PR #1619. I hope it will be merged.

julcst commented 4 months ago

I have the same issue; currently I have to use this very ugly workaround:

#ifndef __STDC_LIB_EXT1__
#define __STDC_LIB_EXT1__
#define sprintf_s snprintf
#endif
#define STB_IMAGE_WRITE_IMPLEMENTATION
#include <stb_image_write.h>

@ismagilli I also hope your fix gets merged.
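
The conditional compilation nothings describes and the snprintf route dsieger asks about can be combined in one bounded wrapper that also reports truncation. This is an added example, not code from stb or from any commenter: `fmt_bounded` and the sample format string are hypothetical, and the `_MSC_VER < 1900` branch assumes MSVC releases before Visual Studio 2015, which lack a C99 `vsnprintf`.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* fmt_bounded is a hypothetical helper for this example, not an stb function.
   It formats into buf (capacity cap, including the NUL) and returns the number
   of characters written, or -1 on error or truncation. buf is always
   NUL-terminated when cap > 0. */
static int fmt_bounded(char *buf, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (buf == NULL || cap == 0 || fmt == NULL)
        return -1;

    va_start(ap, fmt);
#if defined(_MSC_VER) && _MSC_VER < 1900
    /* Older MSVC: _vsnprintf_s with _TRUNCATE terminates the buffer and
       returns -1 if the output did not fit. */
    n = _vsnprintf_s(buf, cap, _TRUNCATE, fmt, ap);
#else
    /* C99 vsnprintf: never writes more than cap bytes and returns the length
       the full output would have had. */
    n = vsnprintf(buf, cap, fmt, ap);
#endif
    va_end(ap);

    if (n < 0 || (size_t)n >= cap) {
        buf[cap - 1] = '\0';   /* keep a terminated (possibly partial) string */
        return -1;
    }
    return n;
}

int main(void)
{
    char big[32], small[8];
    /* Constructed sample values. */
    int ok  = fmt_bounded(big, sizeof big, "size=%dx%d", 640, 480);
    int bad = fmt_bounded(small, sizeof small, "size=%dx%d", 640, 480);
    printf("%d \"%s\"\n%d \"%s\"\n", ok, big, bad, small);
    return 0;
}
```

Callers should treat a -1 return as a failed write rather than use the partial string, since a silently truncated header would produce a malformed file.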