use of strcpy, strcat, etc in Boost libraries
Hi All, In my post on the "vc8.0 toolset (bjam)" thread, I commented that VC8 also warns when using the str[n]xxx APIs, because MS declares them deprecated. There are several issues here: [1] How does this impact Boost code that uses the <cstring> API? Especially since they deprecate the strn variations as well, which are safer, and considering that the "safe" versions are not yet a part of the standard. Would it be possible to put this in the Boost <cstring> header? I.e. using the safe versions for VC8 and using the C9x API for the other compilers/libraries. [2] Does this affect the Intel compiler using the Dinkumware libraries because Intel does not like how the library declares items deprecated. (This is already an issue using the <locale> header and <hash_xxx> extensions). [3] What are the wider security issues of using strcpy, etc in Boost code? The libraries should use the strnxxx variants for better protection against buffer overrun attacks, but I found several instances where strcpy was used (I haven't checked for strcat, strcmp and others) instead of strncpy: boost/regex/v4/regex_cstring.hpp (104): use of strcpy [via re_strcpy] libs/regex -- various files using strcpy libs/serialization/test/test_tools.hpp (69): use of strcpy [via STRCPY] libs/smart_ptr/test/smart_ptr_test.cpp (139/223): use of strcpy tools/build/jam_src -- execnt.c; regexp.c; variable.c [4] Doing this, I found that regex was using re_strcpy as a workaround for Borland using strxxx as macros when using intrinsics. Serialization uses STRCPY for a similar workaround, and my fixed_string library uses the following: # if defined(__BORLANDC__) && defined(strcpy) // replace Borland instrinsic string function # undef strcpy inline char * strcpy( char * dest, const char * src ) { return( __strcpy__( dest, src )); } # endif So: should the workarounds be placed in <cstring> and affected libraries use the Boost version. NOTE: I suggested telling Boost.Build to disable the deprecated API warning for the upcoming release and then address these issues for the next (1.33) release. Thoughts? Comments? Regards, Reece
"Reece Dunn" wrote:
Thoughts? Comments?
Radical! AFAIK, programmers have been writing enhancements to string functions that take buffer size argument for years. Repetitive work. Thus, the standards comitees should do something ASAP. Tony There is an old story of a certain nuclear comitee that was so scared to discuss the tough real issues that they discussed where bycicles should be parked for several hours during each of their meetings. I couldn't find a link to the story on Google.
"Tony Juricic" <tonygeek@yahoo.com> wrote in message news:cji01r$109$1@sea.gmane.org...
There is an old story of a certain nuclear comitee that was so scared to discuss the tough real issues that they discussed where bycicles should be parked for several hours during each of their meetings. I couldn't find a link to the story on Google.
Try typing "bicycle" into the search field at boost.org. Jonathan
"Reece Dunn" <msclrhd@hotmail.com> wrote in message news:415C700D.7080308@hotmail.com...
Hi All,
In my post on the "vc8.0 toolset (bjam)" thread, I commented that VC8 also warns when using the str[n]xxx APIs, because MS declares them deprecated. There are several issues here:
[1] How does this impact Boost code that uses the <cstring> API? Especially since they deprecate the strn variations as well, which are safer, and considering that the "safe" versions are not yet a part of the standard.
Are you refering to the versions with the 'n' as the safe versions? If so, these are from C89 and so are part of the current C++ standard. (My source is Plaugher's book, since I don't have a copy of C89.) AFAIK, these functions have not been deprecated by any relevant standards body. I think microsoft has deprecated them in favor of its Strsafe.h functions (http://tinyurl.com/6z3na.). Since they will still be part of the standard and are widely used, I can't imagine microsoft ever actually removing these functions. So I think the correct route is to ignore or disable the warnings. It looks like microsoft offers the option of defining _CRT_SECURE_NO_DEPRECATE to suppress the deprecation warnings, but I 'm not sure it would be appropriate for boost to definte this automatically. Maybe someone with ties to microsoft, such as Bronek Kozicki or Carl Daniel, can correct me if I'm wrong. Jonathan
"Jonathan Turkanis" <technews@kangaroologic.com> wrote in message news:cjhvpf$vs1$1@sea.gmane.org...
"Reece Dunn" <msclrhd@hotmail.com> wrote in message news:415C700D.7080308@hotmail.com...
Hi All,
In my post on the "vc8.0 toolset (bjam)" thread, I commented that VC8 also warns when using the str[n]xxx APIs, because MS declares them deprecated. There are several issues here:
Are you refering to the versions with the 'n' as the safe versions? If so,
these Okay, I see. The 'safe versions' are the ones with the trailing '_s', right? (http://tinyurl.com/6pkva) Still, I don't see any reason to worry.
From your previous message:
Would it be possible to put this in the Boost <cstring> header? I.e. using the safe versions for VC8 and using the C9x API for the other compilers/libraries.
Now that I know what you're talking about, could you elaborate on this? Jonathan
"Jonathan Turkanis" wrote:
Maybe someone with ties to microsoft, such as Bronek Kozicki or Carl Daniel, can correct me if I'm wrong.
I have PDF "Security and Standard Libraries", author Martyn Lovell from MS Corp, dated 4/17/2003 where _s versions were proposed. Article ends with: Suggestions? Follow-up: MartynL@micorosft.com Tony
At 04:43 PM 9/30/2004, Reece Dunn wrote:
Hi All,
In my post on the "vc8.0 toolset (bjam)" thread, I commented that VC8 also warns when using the str[n]xxx APIs, because MS declares them deprecated. There are several issues here:
...
Thoughts? Comments?
The C committee is working on a Security TR which will incorporate a number of these new functions. See http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1055.pdf, but be warned that this is a draft document and subject to change. The C++ committee has indicated an interest in a similar TR for C++, based on incorporating the C committee's Security TR plus a relatively small number of additions covering issues specific to C++. So presumably Boost will want to transition to these new functions on a toolset-by-toolset basis as they become available. We might want to talk about providing our own implementation of some or all of these functions to speed transition. Regardless, we need a plan. --Beman
participants (4)
-
Beman Dawes -
Jonathan Turkanis -
Reece Dunn -
Tony Juricic