[Bf-committers] strcat/sprintf and sprintf/sprintf_s

Stealth Apprentice stealthapprentice at yahoo.com
Sun Jan 8 22:20:50 CET 2006 

The *_s functions are Microsoft's secure versions of a
bunch of std lib functions commonly used to implement
buffer overrun exploits.

sprintf_s for example, is similar to snprintf. The big
difference between the two is that snprintf truncates
at n-1 and appends a \0 if the generated string is too
long, whereas sprintf_s clears the buffer and invokes
a "something bad happened" handler.

http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=177815&SiteID=1

What I've done for my VC8 blender project files is to
add this preprocessor definition 

_CRT_SECURE_NO_DEPRECATE

which suppresses the piles of warnings. We as
programmers should be diligent to not create code that
allows buffer overruns. I find Microsoft's approach of
simply deprecating the standard c library to be ham
fisted, non-portable, and not helpful in any
reasonable way.

My opinion is that it might be a worthwhile exercise
to scrub Blender's code for usages that MSVC barfs
about, validate that the code is clean, then suppress
the warnings when done...

--- Ben <ben at half-dome.net> wrote:

> Regards,
> 
> I'm not a very good coder, but I would like to help,
> so these were some 
> things that I found that perhaps I could help with.
> 
> Firstly, like this: 
>
http://projects.blender.org/tracker/index.php?func=detail&aid=3283&group_id=9&atid=127
> 
> there are some places in the code where sprintf +
> strcat could be 
> replaced with a single += sprintf statement. Is this
> desirable?
> 
> 
> Secondly, compiling under windows MSVC throws up a
> lot of errors along 
> the lines of "sprintf is deprecated, consider using
> sprintf_s instead". 
> Is this windows specific? If not, would it be
> helpful for me to go 
> through replacing the functions?
>        Related to that, the difference between
> sprintf and sprintf_s is 
> that a buffer size is required. How I would source
> this is, if earlier 
> in the function the buffer is defined as size x I
> would insert the 
> number given into the sprintf_s function. If the
> number is not in the 
> code, i would use sizeof(buffer). Is this the right
> way?
> 
> 
> 
> Thanks,
> Ben Stabler
> 
> _______________________________________________
> Bf-committers mailing list
> Bf-committers at projects.blender.org
>
http://projects.blender.org/mailman/listinfo/bf-committers
> 



		
__________________________________________ 
Yahoo! DSL – Something to write home about. 
Just $16.99/mo. or less. 
dsl.yahoo.com

More information about the Bf-committers mailing list