[Bf-committers] strcat/sprintf and sprintf/sprintf_s

Stealth Apprentice stealthapprentice at yahoo.com
Mon Jan 9 00:06:33 CET 2006


I have the impression right now that people are using
the auto-magic import of VC7 files to build blender
for VC8. So putting the preproc def in the VC7 file
would help that out. There's probably no reason to put
the def in VC6 project files because the standard
library is different and the 6000 warnings don't
appear.

--- Ben <ben at half-dome.net> wrote:

> Ok, then it's a Microsoft only problem *rolls eyes*
>
> I assume that there _isn't_ a buffer problem, or blender would be
> crashing all over the place? So we can assume that the code is clean?
>
> If so, would it be worth sticking that preprocessor definition into the
> vc 6 and 7 files? I don't suppose it matters too much, except that
> perhaps the warnings disguise the information we actually want, and
> printing 6000+ warning messages to the console must slow down the build
> at least a little...
>
> .ben
> 
> Stealth Apprentice wrote:
> > The *_s functions are Microsoft's secure versions of a
> > bunch of std lib functions commonly used to implement
> > buffer overrun exploits.
> >
> > sprintf_s for example, is similar to snprintf. The big
> > difference between the two is that snprintf truncates
> > at n-1 and appends a \0 if the generated string is too
> > long, whereas sprintf_s clears the buffer and invokes
> > a "something bad happened" handler.
> >
> > http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=177815&SiteID=1
> >
> > What I've done for my VC8 blender project files is to
> > add this preprocessor definition
> >
> > _CRT_SECURE_NO_DEPRECATE
> >
> > which suppresses the piles of warnings. We as
> > programmers should be diligent to not create code that
> > allows buffer overruns. I find Microsoft's approach of
> > simply deprecating the standard c library to be ham
> > fisted, non-portable, and not helpful in any
> > reasonable way.
> >
> > My opinion is that it might be a worthwhile exercise
> > to scrub Blender's code for usages that MSVC barfs
> > about, validate that the code is clean, then suppress
> > the warnings when done...
> >
> > --- Ben <ben at half-dome.net> wrote:
> >
> >   
> >> Regards,
> >>
> >> I'm not a very good coder, but I would like to help,
> >> so these were some things that I found that perhaps I
> >> could help with.
> >>
> >> Firstly, like this:
> >>
> >> http://projects.blender.org/tracker/index.php?func=detail&aid=3283&group_id=9&atid=127
> >>
> >> there are some places in the code where sprintf +
> >> strcat could be replaced with a single += sprintf
> >> statement. Is this desirable?
> >>
> >> Secondly, compiling under Windows MSVC throws up a
> >> lot of errors along the lines of "sprintf is
> >> deprecated, consider using sprintf_s instead". Is this
> >> Windows specific? If not, would it be helpful for me
> >> to go through replacing the functions?
> >>
> >> Related to that, the difference between sprintf and
> >> sprintf_s is that a buffer size is required. How I
> >> would source this is, if earlier in the function the
> >> buffer is defined as size x I would insert the number
> >> given into the sprintf_s function. If the number is
> >> not in the code, I would use sizeof(buffer). Is this
> >> the right way?
> >>
> >> Thanks,
> >> Ben Stabler
> >>
> >> _______________________________________________
> >> Bf-committers mailing list
> >> Bf-committers at projects.blender.org
> >> http://projects.blender.org/mailman/listinfo/bf-committers
> >   
> 
> 



		
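An added example, not part of the original thread and not Blender code: the snprintf truncation behaviour described in the quoted message, used for a bounded append that stands in for sprintf + strcat and reports truncation instead of silently accepting it. The names buf_appendf and build_label are hypothetical, and the buffer sizes and strings are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Blender code: append formatted text to the
 * NUL-terminated string already in buf without writing past buf[size-1].
 * Returns 0 on success, -1 if the result was truncated or on error.
 * Assumes C99 vsnprintf semantics (always terminates, returns wanted length). */
static int buf_appendf(char *buf, size_t size, const char *fmt, ...)
{
    const char *end = memchr(buf, '\0', size);
    size_t used, room;
    va_list ap;
    int n;

    if (end == NULL)            /* no terminator inside the buffer */
        return -1;
    used = (size_t)(end - buf);
    room = size - used;         /* at least 1: space for the NUL */
    va_start(ap, fmt);
    n = vsnprintf(buf + used, room, fmt, ap);
    va_end(ap);
    /* n >= room means the output was cut at room-1 characters. */
    return (n < 0 || (size_t)n >= room) ? -1 : 0;
}

/* Constructed example: one bounded call chain in place of sprintf + strcat.
 * The caller passes sizeof(array); sizeof on a char* parameter would give
 * the pointer size, so the size has to travel with the buffer. */
static int build_label(char *out, size_t size, const char *name, int frame)
{
    if (size == 0)
        return -1;
    out[0] = '\0';
    if (buf_appendf(out, size, "%s", name) != 0)
        return -1;
    return buf_appendf(out, size, ".%04d", frame);
}

int main(void)
{
    char big[32], small[8];     /* constructed buffer sizes */
    int ok = build_label(big, sizeof(big), "render", 12);
    int cut = build_label(small, sizeof(small), "render", 12);

    printf("%d \"%s\"\n%d \"%s\"\n", ok, big, cut, small);
    return 0;
}
```

With the 8-byte buffer the second append is cut short, the buffer stays NUL-terminated, and the caller gets -1 to act on.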


