[Bf-committers] strcat/sprintf and sprintf/sprintf_s

Stealth Apprentice stealthapprentice at yahoo.com
Sun Jan 8 22:20:50 CET 2006

The *_s functions are Microsoft's secure versions of a
bunch of std lib functions commonly used to implement
buffer overrun exploits.

sprintf_s for example, is similar to snprintf. The big
difference between the two is that snprintf truncates
at n-1 and appends a \0 if the generated string is too
long, whereas sprintf_s clears the buffer and invokes
a "something bad happened" handler.


What I've done for my VC8 blender project files is to
add this preprocessor definition 


which suppresses the piles of warnings. We as
programmers should be diligent to not create code that
allows buffer overruns. I find Microsoft's approach of
simply deprecating the standard C library to be
ham-fisted, non-portable, and not helpful in any
reasonable way.

My opinion is that it might be a worthwhile exercise
to scrub Blender's code for usages that MSVC barfs
about, validate that the code is clean, then suppress
the warnings when done...

--- Ben <ben at half-dome.net> wrote:

> Regards,
> I'm not a very good coder, but I would like to help, so these were some
> things that I found that perhaps I could help with. Firstly, like this:
> there are some places in the code where sprintf + strcat could be
> replaced with a single += sprintf statement. Is this desirable?
> Secondly, compiling under Windows MSVC throws up a lot of errors along
> the lines of "sprintf is deprecated, consider using sprintf_s instead".
> Is this Windows specific? If not, would it be helpful for me to go
> through replacing the functions?
>        Related to that, the difference between sprintf and sprintf_s is
> that a buffer size is required. How I would source this is, if earlier
> in the function the buffer is defined as size x I would insert the
> number given into the sprintf_s function. If the number is not in the
> code, I would use sizeof(buffer). Is this the right way?
> Thanks,
> Ben Stabler

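An added example, not part of the original thread and not Blender code: portable C showing the snprintf truncation behaviour described above, a bounded append in place of a sprintf + strcat pair, and what sizeof(buffer) yields once the buffer has been passed to another function. fmt_strict, fmt_append and size_seen_by_callee are hypothetical helpers; fmt_strict only clears the buffer and returns -1 on overflow and does not call any handler as the real sprintf_s is described as doing.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (assumption, not a CRT or Blender function): format
 * into dst[cap]; on overflow clear the buffer and return -1, the
 * sprintf_s-style outcome, instead of snprintf's silent truncation. */
static int fmt_strict(char *dst, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (dst == NULL || cap == 0) return -1;
    va_start(ap, fmt);
    n = vsnprintf(dst, cap, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= cap) { dst[0] = '\0'; return -1; }
    return n;
}

/* Hypothetical helper: bounded replacement for a sprintf + strcat pair.
 * Appends at offset *len; on overflow the earlier contents are kept. */
static int fmt_append(char *dst, size_t cap, size_t *len, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (dst == NULL || len == NULL || *len >= cap) return -1;
    va_start(ap, fmt);
    n = vsnprintf(dst + *len, cap - *len, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= cap - *len) { dst[*len] = '\0'; return -1; }
    *len += (size_t)n;
    return n;
}

/* sizeof(buffer) is the capacity only where buffer is declared as an array;
 * in a callee that receives char *, it is the size of a pointer. */
static size_t size_seen_by_callee(char *buf) { return sizeof(buf); }

int main(void)
{
    char name[8], line[64];          /* constructed sample buffers */
    size_t len = 0;
    int n = snprintf(name, sizeof(name), "%s", "constructed_long_name");
    printf("snprintf: ret=%d buf=\"%s\"\n", n, name);   /* truncated */
    printf("fmt_strict: ret=%d\n", fmt_strict(name, sizeof(name), "%s", "constructed_long_name"));
    fmt_append(line, sizeof(line), &len, "%s", "frame");
    fmt_append(line, sizeof(line), &len, "_%04d", 12);
    printf("fmt_append: \"%s\" len=%zu\n", line, len);
    printf("array: %zu, in callee: %zu\n", sizeof(line), size_seen_by_callee(line));
    return 0;
}
```

A snprintf return value greater than or equal to the buffer size is the only sign that truncation happened, so code that replaces sprintf with snprintf still needs that check.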