[Bf-committers] strcat/sprintf and sprintf/sprintf_s

Ben ben at half-dome.net
Sun Jan 8 23:18:42 CET 2006


Ok, then its a microsoft only problem *rolls eyes*

I assume that there _isnt_ a buffer problem, or blender would be 
crashing all over the place? So we can assume that the code is clean?

If so, would it be worth sticking that preprocessor definition into the 
vc 6 and 7 files? I don't suppose it matters too much, except that 
perhaps the warnings disguise the information we actually want, and 
printing 6000+ warning messages to the console must slow down the build 
at least a little...

.ben

Stealth Apprentice wrote:
> The *_s functions are Microsoft's secure versions of a
> bunch of std lib functions commonly used to implement
> buffer overrun exploits.
>
> sprintf_s for example, is similar to snprintf. The big
> difference between the two is that snprintf truncates
> at n-1 and appends a \0 if the generated string is too
> long, whereas sprintf_s clears the buffer and invokes
> a "something bad happened" handler.
>
> http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=177815&SiteID=1
>
> What I've done for my VC8 blender project files is to
> add this preprocessor definition 
>
> _CRT_SECURE_NO_DEPRECATE
>
> which suppresses the piles of warnings. We as
> programmers should be diligent to not create code that
> allows buffer overruns. I find Microsoft's approach of
> simply deprecating the standard c library to be ham
> fisted, non-portable, and not helpful in any
> reasonable way.
>
> My opinion is that it might be a worthwhile exercise
> to scrub Blender's code for usages that MSVC barfs
> about, validate that the code is clean, then suppress
> the warnings when done...
>
> --- Ben <ben at half-dome.net> wrote:
>
>   
>> Regards,
>>
>> I'm not a very good coder, but I would like to help,
>> so these were some 
>> things that I found that perhaps I could help with.
>>
>> Firstly, like this: 
>>
>>     
> http://projects.blender.org/tracker/index.php?func=detail&aid=3283&group_id=9&atid=127
>   
>> there are some places in the code where sprintf +
>> strcat could be 
>> replaced with a single += sprintf statement. Is this
>> desirable?
>>
>>
>> Secondly, compiling under windows MSVC throws up a
>> lot of errors along 
>> the lines of "sprintf is deprecated, consider using
>> sprintf_s instead". 
>> Is this windows specific? If not, would it be
>> helpful for me to go 
>> through replacing the functions?
>>        Related to that, the difference between
>> sprintf and sprintf_s is 
>> that a buffer size is required. How I would source
>> this is, if earlier 
>> in the function the buffer is defined as size x I
>> would insert the 
>> number given into the sprintf_s function. If the
>> number is not in the 
>> code, i would use sizeof(buffer). Is this the right
>> way?
>>
>>
>>
>> Thanks,
>> Ben Stabler
>>
>> _______________________________________________
>> Bf-committers mailing list
>> Bf-committers at projects.blender.org
>>
>>     
> http://projects.blender.org/mailman/listinfo/bf-committers
>   




More information about the Bf-committers mailing list