Author: Dann Corbit
Date: 11:13:02 12/16/05
On December 16, 2005 at 13:05:18, Eugene Nalimov wrote:

>On December 16, 2005 at 12:32:10, Daniel Mehrmannn wrote:
>
>>On December 16, 2005 at 12:10:29, Bo Persson wrote:
>>
>>>On December 16, 2005 at 11:20:56, Daniel Mehrmannn wrote:
>>>
>>>>On December 16, 2005 at 11:00:22, Eugene Nalimov wrote:
>>>>
>>>>>On December 16, 2005 at 08:43:05, Daniel Mehrmannn wrote:
>>>>>
>>>>>>On December 16, 2005 at 08:12:49, Alessandro Scotti wrote:
>>>>>>
>>>>>>>On December 16, 2005 at 07:32:42, Daniel Mehrmannn wrote:
>>>>>>>
>>>>>>>>But there is no other way than editing the SDK files - which is bullshit
>>>>>>>
>>>>>>>> Message: 'This function or variable may be unsafe. Consider using
>>>>>>>>sscanf_s instead. To disable deprecation, use _CRT_SECURE_NO_DEPRECATE. See
>>>>>>>>online help for details.'
>>>>>>>
>>>>>>>Hi Daniel,
>>>>>>>like the above message suggests, just define _CRT_SECURE_NO_DEPRECATE symbol in
>>>>>>>your project settings (or in the compiler command line) and the warning goes
>>>>>>>away.
>>>>>>
>>>>>>Hi Alessandro,
>>>>>>
>>>>>>that's the problem. It doesn't work :( It's a bug I guess. If you look with
>>>>>>"google", you'll find it :((
>>>>>>So you must edit the SDK Files.
>>>>>>
>>>>>>Best,
>>>>>>Daniel
>>>>>
>>>>>That's very strange. That always worked, and I think you are doing something
>>>>>incorrectly.
>>>>>
>>>>>You can specify /D_CRT_SECURE_NO_DEPRECATE at the compiler command line, or you
>>>>>can add _CRT_SECURE_NO_DEPRECATE to the list of the predefined symbols somewhere
>>>>>in the project settings.
>>>>>
>>>>>And FYI: Microsoft submitted "safe" versions of those functions to the C/C++
>>>>>Standard committees, and based on the feedback we believe they will be included
>>>>>in the next versions of the Standards. So that's not only "the Microsoft way"...
>>>>>
>>>>>Thanks,
>>>>>Eugene
>>>>
>>>>
>>>>Hello Eugene,
>>>>
>>>>thanks for your help.
>>>>
>>>>I think it would be better to add your "secure" function as additional and not
>>>>as standard and the user must do some steps to disable it.
>>>
>>>Do you always run your compiler with the default settings?
>>>
>>>I agree that they could have documented the change better, but that's a minor
>>>problem.
>>>
>>>>Microsoft creating new own standards and think the world will accept it
>>>>easily?
>>>
>>>Please take a look at this official document from the C Standard Committee's
>>>site:
>>>
>>>http://www.open-std.org/JTC1/SC22/WG14/www/docs/n1146.pdf
>>>
>>>It is a proposal "Extensions to the C Library - Part I: Bounds-checking
>>>interfaces".
>>>
>>>>
>>>>That is strange and may be one reason why Microsoft is unpopular in some zones.
>>>
>>>The usual complaint is that they wait too long before they implement new
>>>standards. This time they were too fast? :-)
>>>
>>>
>>>Bo Persson
>>
>>
>>This paper is a working draft and not official. However that a logical war with
>>no result like "Windows vs Linux" and M$ did this step not the first time.
>>
>>So this is my last post.
>>
>>Best,
>>Daniel
>
>Ok, and here is *my* last post on that issue.
>
>(1) I don't agree with everything Microsoft is doing, but I believe that
>introducing "safe" functions is the right thing to do.

I agree. Also, gets() should clearly be replaced with this (implementation by
Jack Klein):

    #include <stdio.h>
    #include <string.h>

    char *getsafe(char *buffer, int count)
    {
        char *result = buffer, *np;

        /* Reject a null buffer or a non-positive size. */
        if ((buffer == NULL) || (count < 1))
            result = NULL;
        /* Room for the terminator only: return an empty string. */
        else if (count == 1)
            *result = '\0';
        /* fgets() stores at most count - 1 characters plus the terminator. */
        else if ((result = fgets(buffer, count, stdin)) != NULL) {
            /* Strip the trailing newline, if one was read. */
            if ((np = strchr(buffer, '\n')) != NULL)
                *np = '\0';
        }
        return result;
    }

>(2) I agree that wording of warning message is misleading. I can only say that
>we have several leading C++ experts (e.g. Herb Sutter) in the compiler group,
>and they missed that. More, we started to emit that warning in beta 2, and it
>was made public more than 6 months prior to ship of the final product. Again,
>nobody complained, including people who are very loud now. So probably the issue
>is not very serious; in any case it would be addressed.

I complained, but I don't remember where. I think I sent a message to MS, but I
can't be sure about it.

The only problem I have with the warnings is that the content is iffy. Instead
of deprecation of a standard language feature, I would have said something like:

"Warning: function <foo> is potentially unsafe due to the possibility of buffer
overruns. It is recommended to use function <foo_s> instead."

The 'feature is deprecated' SOUNDS really arrogant. After all, those functions
are part of the language standard.

>(3) Microsoft is providing new secure functions *in addition* to the unsafe ones
>that are part of the Standard. You can continue to use unsafe ones. In the
>default configuration you'll get compiler warning on them, but you can turn them
>off. I don't know why you were not able to do so, and suspect some mistake on
>your side.

This is an excellent service to the C and C++ communities.

>(4) Microsoft submitted those functions to the Standard committees, and we
>believe they will be included in the next Standard versions. Other vendors are
>free to include them in their products -- there are no patents/license issues.
>Programs that use those functions are safer and less prone to exploits. Nobody
>says that those functions are "silver bullet", but they definitely help. (There
>are other ways for compiler to generate safer and more hacker-resistant code -- we
>improved Visual C 8.0 a lot in that area). All new Microsoft products are using
>only new "safe" functions; we cleaned our codebase.

These things are a good idea.

>[Previous was my own opinion, but I believe it more-or-less matches "official"
>Microsoft line; I am not sure how following thoughts correspond to the Microsoft
>policy].
>
>(5) Developers are lazy; you should force safer ways of doing something in their
>throat, otherwise they will address some issues only at the latest possible
>moment. Warnings help a lot. Large ISVs meet "safe" string functions
>enthusiastically, main complaint is why we are doing that so late.

Hey, I resemble that remark!
;-)

>Thanks,
>Eugene
>
>(Not speaking for Microsoft)
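
An added example, not part of the original post and not Jack Klein's code: a bounded fgets() wrapper such as getsafe() leaves the tail of an over-long line in the stream, where the next call reads it as if it were a new line. The sketch below reports the truncation and discards the tail; read_line, the status names and stream_from are names assumed for this example.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Status names are hypothetical, chosen for this example. */
enum line_status { LINE_OK, LINE_TRUNCATED, LINE_EOF, LINE_BADARG };

/* Read one line from fp into buf (size bytes, always NUL-terminated).
 * An over-long line is reported and its tail consumed before returning. */
enum line_status read_line(FILE *fp, char *buf, size_t size)
{
    size_t n;
    int c;
    if (fp == NULL || buf == NULL || size < 2 || size > (size_t)INT_MAX)
        return LINE_BADARG;
    if (fgets(buf, (int)size, fp) == NULL) {
        buf[0] = '\0';
        return LINE_EOF;              /* end of input or read error */
    }
    n = strcspn(buf, "\n");
    if (buf[n] == '\n') {
        buf[n] = '\0';                /* whole line fit: strip newline */
        return LINE_OK;
    }
    c = getc(fp);                     /* no newline stored: look ahead */
    if (c == EOF || c == '\n')
        return LINE_OK;               /* last line, or an exact fit */
    while (c != '\n' && c != EOF)
        c = getc(fp);                 /* discard the rest of the line */
    return LINE_TRUNCATED;
}

/* Demo helper: load constructed text into a temporary stream. */
FILE *stream_from(const char *text)
{
    FILE *fp = tmpfile();
    if (fp != NULL && fputs(text, fp) != EOF)
        rewind(fp);
    return fp;
}

int main(void)
{
    FILE *fp = stream_from("abcdefghij\nok\n");   /* constructed input */
    char buf[6];
    enum line_status st;
    while (fp != NULL && (st = read_line(fp, buf, sizeof buf)) != LINE_EOF)
        printf("%s: %s\n", st == LINE_TRUNCATED ? "truncated" : "ok", buf);
    return fp == NULL;
}
```

A caller that gets LINE_TRUNCATED can reject the input outright instead of acting on a partial line.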
Last modified: Thu, 15 Apr 21 08:11:13 -0700
Current Computer Chess Club Forums at Talkchess. This site by Sean Mintz.